Make this password hash SHA512 or something

[Proximity]

final public function hashed($password) {
return md5($password);
}

 

[Weasel]

final public function hashed($password) {
    return hash("sha512", $password);
}

 

[Proximity]

What about sha512/salt

not sure how a salt would work

 

[Weasel]

You must be registered for see links

 

[Ecko]

You must be registered for see links

 

[griimnak]

salt:

public static function salt($length) {
        return mcrypt_create_iv($length);
    }

self::salt(32);

usage from gHabbo:

 

[Weasel]

salt:

public static function salt($length) {
        return mcrypt_create_iv($length);
    }

self::salt(32);

usage from gHabbo:

That's some horrible encryption. Just use blowfish with a salt (and a cost of 10).

 

[griimnak]

That's some horrible encryption. Just use blowfish with a salt (and a cost of 10).

why is it bad? i figured mcrypt would be nice for salting since it uses unique characters

 

[RastaLulz]

Use the

You must be registered for see links

function provided by PHP, and don't try and create your own method for hashing passwords; you're not a security expert.

Example:

<?php

$password = 'password';

echo password_hash($password, PASSWORD_BCRYPT);

It will also create a salt for you, so please do not attempt to create your own; the ability to will be depreciated in PHP 7 anyways.

You can find all the password hashing functions

You must be registered for see links

.

 

[griimnak]

Use the

You must be registered for see links

function provided by PHP, and don't try and create your own method for hashing passwords; you're not a security expert.

Example:

<?php

$password = 'password';

echo password_hash($password, PASSWORD_BCRYPT);

It will also create a salt for you, so please do not attempt to create your own; the ability to will be depreciated in PHP 7 anyways.

You can find all the password hashing functions

You must be registered for see links

.

Thanks for this, i didn't even know this function existed man.