StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POSecure hash and salt for PHP passwords
primarykey
Id
401656
data
AcceptedAnswerId
401684
AnswerCount
14
ClosedDate
CommentCount
7
CommunityOwnedDate
CreationDate
2008-12-30T22:02:45.637
FavoriteCount
608
LastActivityDate
2018-03-20T09:48:43.407
LastEditDate
2017-05-23T12:18:25.157
LastEditorUserId
-1
OwnerUserId
32775
ParentId
0
PostTypeId
1
Score
1054
ViewCount
189361
LastEditorDisplayName
luiscubal
text
Body
It is currently said that MD5 is partially unsafe. Taking this into consideration, I'd like to know which mechanism to use for password protection. This question, <a href="https://stackoverflow.com/questions/348109/is-double-hashing-a-password-less-secure-than-just-hashing-it-once">Is “double hashing” a password less secure than just hashing it once?</a> suggests that hashing multiple times may be a good idea, whereas <a href="https://stackoverflow.com/questions/55862/how-to-implement-password-protection-for-individual-files#55904">How to implement password protection for individual files?</a> suggests using salt. I'm using PHP. I want a safe and fast password encryption system. Hashing a password a million times may be safer, but also slower. How to achieve a good balance between speed and safety? Also, I'd prefer the result to have a constant number of characters. <ol> <li>The hashing mechanism must be available in PHP</li> <li>It must be safe</li> <li>It can use salt (in this case, are all salts equally good? Is there any way to generate good salts?)</li> </ol> Also, should I store two fields in the database (one using MD5 and another one using SHA, for example)? Would it make it safer or unsafer? In case I wasn't clear enough, I want to know which hashing function(s) to use and how to pick a good salt in order to have a safe and fast password protection mechanism. Related questions that don't quite cover my question: <a href="https://stackoverflow.com/questions/157998/whats-the-difference-between-sha-and-md5-in-php">What's the difference between SHA and MD5 in PHP</a> <a href="https://stackoverflow.com/questions/30946/simple-password-encryption">Simple Password Encryption</a> <a href="https://stackoverflow.com/questions/198803/secure-methods-of-storing-keys-passwords-for-asp-net">Secure methods of storing keys, passwords for asp.net</a> <a href="https://stackoverflow.com/questions/205153/how-would-you-implement-salted-passwords-in-tomcat-5-5">How would you implement salted passwords in Tomcat 5.5</a>
Tags
<php><security><passwords><hash><protection>
Title
Secure hash and salt for PHP passwords
singulars
PostAcceptedAnswerId
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USCommunity
UserOwnerUserId
1. USluiscubal
plurals
PostLinksPostIdRelatedPostId
1. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
2. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
3. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
PostLinksRelatedPostIdPostId
1. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
2. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
3. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
2. PO
 singulars
 PostTypePostTypeId
 PTAnswer
3. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 POSecure hash and salt for PHP passwords
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
2. VO
 singulars
 PostPostId
 POSecure hash and salt for PHP passwords
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
3. VO
 singulars
 PostPostId
 POSecure hash and salt for PHP passwords
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.