What is better? Password_hash vs. SHA256 vs. SHA1 vs. md5

md5 store sha1 sha256 password-hash
Joci93 picture Joci93 · Mar 19, 2015 · Viewed 15.9k times · Source

What is better with salt for password storage?

MD5:

$hash = md5($password . $salt);

Password_hash:

$hash = password_hash($password, PASSWORD_DEFAULT, $salt);

SHA1:

$result = sha1($salt.$string);

Answer

martinstoeckli picture martinstoeckli · Mar 19, 2015

You should absolutely use the password_hash() function without providing your own salt:

$hash = password_hash($password, PASSWORD_DEFAULT);

The function will generate a safe salt on its own. The other algorithms are ways too fast to hash passwords and therefore can be brute-forced too easily (about 8 Giga MD5 per second).

Related questions

How can I generate an MD5 hash?

Is there any method to generate MD5 hash of a string in Java?

Read More
Is it possible to decrypt MD5 hashes?

Someone told me that he has seen software systems that: retrieve MD5 encrypted passwords from other systems; decrypt the encrypted passwords and store the passwords in the database of the system using the systems own algorithm. Is that possible? I …

Read More
encrypt and decrypt md5

I am using code $enrypt=md5($pass) and inserting $encrypt to database. I want to find out a way to decrypt them. I tried using a decrypting software but it says the hash should be of exactly 16 bytes. is there …

Read More