How to hash password correctly in PHP?
RE: How to hash password correctly in PHP? #11
(08-25-2017, 09:53 PM)Sikom Wrote:
(08-25-2017, 09:51 PM)Jakub Wrote: I'm hashing passwords on my websites/scripts using double md5 + salt and I personally prefer this way.

md5 is not really secure though is it?

I'm working with it for 1 year now and for now it's okay. But I have my own "hash" function so if double md5 with salt fails I will switch to my hash function

Reply

RE: How to hash password correctly in PHP? #12
(08-25-2017, 10:00 PM)Jakub Wrote:
(08-25-2017, 09:53 PM)Sikom Wrote:
(08-25-2017, 09:51 PM)Jakub Wrote: I'm hashing passwords on my websites/scripts using double md5 + salt and I personally prefer this way.

md5 is not really secure though is it?

I'm working with it for 1 year now and for now it's okay. But I have my own "hash" function so if double md5 with salt fails I will switch to my hash function

What do you mean by your own "hash" function? I think MD5 is considered insecure, and I don't think you should use it.

Reply

RE: How to hash password correctly in PHP? #13
I have my own algorithm, a PHP script which is hashing passwords, texts etc. (i.e. it will change "a" to "#72gwvs&"). I'm using that hashing for my own private website where I have all of my projects. Once a month I'm changing the algorithm for safety

Reply

RE: How to hash password correctly in PHP? #14
(08-25-2017, 10:19 PM)Jakub Wrote: I have my own algorithm, a PHP script which is hashing passwords, texts etc. (i.e. it will change "a" to "#72gwvs&"). I'm using that hashing for my own private website where I have all of my projects. Once a month I'm changing the algorithm for safety

Do you even know anything about cryptology?

[+] 1 user Likes Sikom's post
Reply

RE: How to hash password correctly in PHP? #15
(08-25-2017, 10:00 PM)Jakub Wrote:
(08-25-2017, 09:53 PM)Sikom Wrote:
(08-25-2017, 09:51 PM)Jakub Wrote: I'm hashing passwords on my websites/scripts using double md5 + salt and I personally prefer this way.

md5 is not really secure though is it?

I'm working with it for 1 year now and for now it's okay. But I have my own "hash" function so if double md5 with salt fails I will switch to my hash function

This is beyond stupid.
MD5 was peer reviewed and looked over by tons of security experts, yet it was still broken.
Your own algorithm is probably not as advanced as MD5, and is a major security hole.

Use bcrypt or something ffs

PHP has a password_hash() function for a reason. Use it, the default algorithm is BCRYPT. @Sikom this goes to you as well.
(This post was last modified: 08-26-2017, 12:00 AM by Blink.)



[+] 2 users Like Blink's post
Reply

RE: How to hash password correctly in PHP? #16
Never try to outthink crackers man, never use your own algorithm, always use open-source crypto.


Reply

RE: How to hash password correctly in PHP? #17
(08-25-2017, 11:54 PM)Ender Wrote: PHP has a password_hash() function for a reason.  Use it, the default algorithm is BCRYPT.

This ^^ Enough said.

Its key stretching algorithm speaks for itself.

Reply

RE: How to hash password correctly in PHP? #18
(08-25-2017, 11:54 PM)Ender Wrote:
(08-25-2017, 10:00 PM)Jakub Wrote:
(08-25-2017, 09:53 PM)Sikom Wrote: md5 is not really secure though is it?

I'm working with it for 1 year now and for now it's okay. But I have my own "hash" function so if double md5 with salt fails I will switch to my hash function

This is beyond stupid.
MD5 was peer reviewed and looked over by tons of security experts, yet it was still broken.
Your own algorithm is probably not as advanced as MD5, and is a major security hole.

Use bcrypt or something ffs

Would agree with that being beyond stupid


Is this a good solution @'ender'?
Code:
function hashPassword($password, $salt){
   $secretkey = 'A long key that is in code. Over 1000 chars';
   
   //Amount of iterations
   $iterations = 100;
   $hash = hash('sha512', $salt . $password . $secretkey);

   for($i = 0; $i < $iterations-1; $i++) {
       $hash = hash('sha512', $salt . $hash . $secretkey);
   }
   return $hash;
}
function checkPassword($password, $hashedPassword, $salt){
   //Hashes the password for comparing to the hashedPassword in the db
   $hash = hashPassword($password, $salt);

   //Sleep to prevent a timing attack
   usleep(random_int(100,1000));
   if($hash === $hashedPassword){
       return true;
   }
   return false;
}
(This post was last modified: 08-26-2017, 11:21 AM by Sikom.)

Reply

RE: How to hash password correctly in PHP? #19
(08-26-2017, 11:15 AM)Sikom Wrote:
(08-25-2017, 11:54 PM)Ender Wrote:
(08-25-2017, 10:00 PM)Jakub Wrote: I'm working with it for 1 year now and for now it's okay. But I have my own "hash" function so if double md5 with salt fails I will switch to my hash function

This is beyond stupid.
MD5 was peer reviewed and looked over by tons of security experts, yet it was still broken.
Your own algorithm is probably not as advanced as MD5, and is a major security hole.

Use bcrypt or something ffs

Would agree with that being beyond stupid


Is this a good solution @'ender'?
Code:
function hashPassword($password, $salt){
   $secretkey = 'A long key that is in code. Over 1000 chars';
   
   //Amount of iterations
   $iterations = 100;
   $hash = hash('sha512', $salt . $password . $secretkey);

   for($i = 0; $i < $iterations-1; $i++) {
       $hash = hash('sha512', $salt . $hash . $secretkey);
   }
   return $hash;
}
function checkPassword($password, $hashedPassword, $salt){
   //Hashes the password for comparing to the hashedPassword in the db
   $hash = hashPassword($password, $salt);

   //Sleep to prevent a timing attack
   usleep(random_int(100,1000));
   if($hash === $hashedPassword){
       return true;
   }
   return false;
}

This is not a good solution.
Use BCRYPT man

Reply

RE: How to hash password correctly in PHP? #20
(08-26-2017, 12:48 PM)Pikami Wrote:
(08-26-2017, 11:15 AM)Sikom Wrote:
(08-25-2017, 11:54 PM)Ender Wrote: This is beyond stupid.
MD5 was peer reviewed and looked over by tons of security experts, yet it was still broken.
Your own algorithm is probably not as advanced as MD5, and is a major security hole.

Use bcrypt or something ffs

Would agree with that being beyond stupid


Is this a good solution @'ender'?
Code:
function hashPassword($password, $salt){
   $secretkey = 'A long key that is in code. Over 1000 chars';
   
   //Amount of iterations
   $iterations = 100;
   $hash = hash('sha512', $salt . $password . $secretkey);

   for($i = 0; $i < $iterations-1; $i++) {
       $hash = hash('sha512', $salt . $hash . $secretkey);
   }
   return $hash;
}
function checkPassword($password, $hashedPassword, $salt){
   //Hashes the password for comparing to the hashedPassword in the db
   $hash = hashPassword($password, $salt);

   //Sleep to prevent a timing attack
   usleep(random_int(100,1000));
   if($hash === $hashedPassword){
       return true;
   }
   return false;
}

This is not a good solution.
Use BCRYPT man

Why is that not a good solution?

Reply
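
The password_hash() approach recommended in post #15, written out as an added example; it is not code from any poster in this thread. The helper names registerHash and checkLogin and the cost of 12 are assumptions for illustration, while the password_* functions are PHP built-ins. Unlike the posted hashPassword(), the salt is generated per password and stored inside the hash string, and the comparison is left to password_verify().

```php
<?php
declare(strict_types=1);

// Assumed work factor; raise it until one hash takes a noticeable
// fraction of a second on the production hardware.
const BCRYPT_OPTIONS = ['cost' => 12];

// Hypothetical helper: hash a new password for storage.
function registerHash(string $password): string
{
    // password_hash() draws a random salt for every call and encodes the
    // algorithm, cost and salt in the returned string, so there is no
    // separate salt column and no secret key kept in the source code.
    return password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
}

// Hypothetical helper: returns [bool $ok, ?string $newHash].
// $newHash is non-null when the stored hash should be replaced because it
// was created with an older cost or algorithm.
function checkLogin(string $password, string $storedHash): array
{
    // password_verify() reads the parameters out of $storedHash, recomputes
    // the hash and compares in a timing-safe way, so no usleep() jitter or
    // hand-written === comparison is involved.
    if (!password_verify($password, $storedHash)) {
        return [false, null];
    }
    $newHash = password_needs_rehash($storedHash, PASSWORD_BCRYPT, BCRYPT_OPTIONS)
        ? registerHash($password)
        : null;
    return [true, $newHash];
}

// Constructed sample run.
$stored = registerHash('correct horse battery staple');
[$ok, $upgrade] = checkLogin('correct horse battery staple', $stored);
var_dump($ok, $upgrade);

// A wrong password fails without revealing how close it was.
var_dump(checkLogin('wrong guess', $stored)[0]);

// A hash created earlier at a lower cost still verifies, and the caller
// is handed a replacement hash to write back to the database.
$old = password_hash('hunter2', PASSWORD_BCRYPT, ['cost' => 10]);
[$ok, $upgrade] = checkLogin('hunter2', $old);
var_dump($ok, $upgrade !== null);
```

bcrypt only uses the first 72 bytes of the password, so anything beyond that does not affect the hash.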






