Security Basics mailing list archives
Re: Secure Login Form
From: Bipin Upadhyay <muxical.geek () gmail com>
Date: Sat, 19 Jan 2008 16:27:41 +0530
krymson () gmail com wrote: [SNIPPED]
to take the password from the webform and hash it using the SHA1 algorithm before passing it to the database for a check via a PHP file. I chose the SHA1 algorithm because MD5, while common, is fairly easy to crack if someone gets ahold of the MD5 hash. SHA1 is more robust (someone correct me if I am wrong in this).
SHA1 or MD5, always salt it. For better results, be paranoid and double hash it. :)
viz.
md5($salt.md5($pass))
md5(md5($salt.$pass))
.. etc. etc.

--Bipin Upadhyay,
http://projectbee.org
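An added example, not part of the original post or thread: the salted double-hash shape from the reply, written out as store-and-verify PHP using SHA1 as in the quoted message. The function names make_record and check_login and the sample passwords are constructed for illustration, and random_bytes() assumes PHP 7 or later.

```php
<?php
// Added example; make_record() and check_login() are hypothetical names.

// Build the record stored for a new account: a fresh random salt per user,
// then the construction from the reply, here with SHA1: sha1(salt . sha1(pass)).
function make_record(string $pass): array
{
    $salt = bin2hex(random_bytes(16)); // 128-bit salt, stored next to the hash
    return ['salt' => $salt, 'hash' => sha1($salt . sha1($pass))];
}

// Recompute the digest with the account's stored salt and compare the two
// hex strings in constant time, so the comparison itself leaks nothing.
function check_login(array $record, string $pass): bool
{
    $candidate = sha1($record['salt'] . sha1($pass));
    return hash_equals($record['hash'], $candidate);
}

// Constructed sample data: two accounts that happen to share one password.
$alice = make_record('correct horse');
$bob   = make_record('correct horse');

// Without a salt both accounts would store the same digest, so a single
// precomputed lookup would cover every user of that password.
var_dump(sha1('correct horse') === sha1('correct horse'));

// With per-user salts the stored digests are compared here for equality.
var_dump($alice['hash'] === $bob['hash']);

// Verification against the right and the wrong password.
var_dump(check_login($alice, 'correct horse'));
var_dump(check_login($alice, 'wrong guess'));

// A digest is only valid together with its own salt: pairing Alice's hash
// with Bob's salt is checked here against the shared password.
$mixed = ['salt' => $bob['salt'], 'hash' => $alice['hash']];
var_dump(check_login($mixed, 'correct horse'));
```

The salt is not a secret and is stored in the same row as the hash; its job is to make every stored digest unique. PHP 5.5 and later also provide password_hash() and password_verify(), which generate and embed the salt themselves.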