Security Basics mailing list archives

Re: Secure Login Form


From: Bipin Upadhyay <muxical.geek () gmail com>
Date: Sat, 19 Jan 2008 16:27:41 +0530

krymson () gmail com wrote:
[SNIPPED]
to take the password from the webform and hash it using the SHA1 algorithm
before passing it to the database for a check via a PHP file. I chose the
SHA1 algorithm because MD5, while common, is fairly easy to crack if
someone gets ahold of the MD5 hash. SHA1 is more robust (someone correct
me if I am wrong in this).

SHA1 or MD5, always salt it.
For better results, be paranoid and double hash it. :)
viz.
md5($salt.md5($pass))
md5(md5($salt.$pass)).. etc. etc.

--Bipin Upadhyay,
http://projectbee.org
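
Salted storage and verification for the PHP login check discussed in this thread, added here as an example; it is not code from the post or its author. It goes beyond the post's nested MD5 calls by using PHP's built-in `hash_pbkdf2` to combine a per-user random salt with many hash iterations; the function names, iteration count, record format and sample password are assumptions.

```php
<?php
// Added example: names, parameters and sample values are constructed.

const ITERATIONS = 100000;   // assumed work factor; tune to your hardware
const SALT_BYTES = 16;

// Build the string stored in the database for one user.
function make_record(string $password): string {
    $salt = random_bytes(SALT_BYTES);            // fresh random salt per user
    $hash = hash_pbkdf2('sha256', $password, $salt, ITERATIONS, 0, true);
    // Keep the parameters next to the hash so they can be raised later.
    return implode('$', ['pbkdf2-sha256', ITERATIONS, bin2hex($salt), bin2hex($hash)]);
}

// Check a login attempt against a stored record.
function check_password(string $password, string $record): bool {
    $parts = explode('$', $record);
    if (count($parts) !== 4 || $parts[0] !== 'pbkdf2-sha256') {
        return false;                            // unknown or malformed record
    }
    [, $iter, $saltHex, $hashHex] = $parts;
    if (!ctype_digit($iter) || (int)$iter < 1
        || !ctype_xdigit($saltHex) || strlen($saltHex) % 2 !== 0
        || !ctype_xdigit($hashHex) || strlen($hashHex) % 2 !== 0) {
        return false;                            // reject damaged fields
    }
    $salt     = hex2bin($saltHex);
    $expected = hex2bin($hashHex);
    // Recompute with the stored salt and iteration count.
    $actual = hash_pbkdf2('sha256', $password, $salt, (int)$iter, 0, true);
    return hash_equals($expected, $actual);      // constant-time comparison
}

$a = make_record('correct horse');               // constructed sample password
$b = make_record('correct horse');
var_dump($a !== $b);                             // same password, two different salts
var_dump(check_password('correct horse', $a));   // right password against record $a
var_dump(check_password('wrong guess', $a));     // wrong password against record $a
```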

