how to implement sha 512,md5 and salt encryption all for one password

php cryptography md5 salt sha512
Ainz-sama picture Ainz-sama · Feb 11, 2014 · Viewed 33.8k times · Source 
$pass="test"

the above variable contains a password called test.I want to hash this password using sha512 md5 and salt how do i do that as ive found only benifits of salt and sha512,i allready know md5 encryption.please i need the solution as my system is vunerable

and please explain it with a code example because im still attached to md5

from what ive understood by your comments and answers ive got the following code

$pass="test";
$hashed_pass= openssl_digest($pass, 'sha512');

ok seems solid enough but what is [salt='']? does it generate a random salt string or something if so the how to implement it?

Answer

Sammitch picture Sammitch · Feb 11, 2014

Edit: Since this answer still seems to be generating a bit of interest, let me steer you all towards password_hash() which is essentially a wrapper around crypt() but much simpler to use. If you're using PHP<5.5 there is password_compat which was written by the same guy and is actually linked off of the official documentation.

If you're already using crypt() it's worth noting that both password_verify() and password_needs_rehash() will work with all crypt()-style passwords, so there's hardly a reason not to update!

Use crypt(), it provides MUCH stronger hashing methods.

Hash a new password:

// generate a 16-character salt string
$salt = substr(str_replace('+','.',base64_encode(md5(mt_rand(), true))),0,16);
// how many times the string will be hashed
$rounds = 10000;
// pass in the password, the number of rounds, and the salt
// $5$ specifies SHA256-CRYPT, use $6$ if you really want SHA512
echo crypt('password123', sprintf('$5$rounds=%d$%s$', $rounds, $salt));
// output: $5$rounds=10000$3ES3C7XZpT7WQIuC$BEKSvZv./Y3b4ZyWLqq4BfIJzVHQweHqGBukFmo5MI8

Compare an existing password:

// the hash stored for the user
$given_hash = '$5$rounds=10000$3ES3C7XZpT7WQIuC$BEKSvZv./Y3b4ZyWLqq4BfIJzVHQweHqGBukFmo5MI8';
$test_pw = 'password123';

// extract the hashing method, number of rounds, and salt from the stored hash
// and hash the password string accordingly
$parts = explode('$', $given_hash);
$test_hash = crypt($test_pw, sprintf('$%s$%s$%s$', $parts[1], $parts[2], $parts[3]));

// compare
echo $given_hash . "\n" . $test_hash . "\n" . var_export($given_hash === $test_hash, true);
/* output:
$5$rounds=10000$3ES3C7XZpT7WQIuC$BEKSvZv./Y3b4ZyWLqq4BfIJzVHQweHqGBukFmo5MI8
$5$rounds=10000$3ES3C7XZpT7WQIuC$BEKSvZv./Y3b4ZyWLqq4BfIJzVHQweHqGBukFmo5MI8
true */

Related questions

shorter php cipher than md5?

For a variety of stupid reasons, the maximum length of a given form variable that we are posting to an external server is 12 characters. I wanted to obscure that value with md5, but obviously with 12 characters that isn't going to …

Read More
Why is MD5'ing a UUID not a good idea?

PHP has a uniqid() function which generates a UUID of sorts. In the usage examples, it shows the following: $token = md5(uniqid()); But in the comments, someone says this: Generating an MD5 from a unique ID is naive and reduces …

Read More
Can you convert the output of php crypt() to valid MD5?

I have some strings that have been encrypted using the PHP function crypt(). The outputs look something like this: $1$Vf/.4.1.$CgCo33ebiHVuFhpwS.kMI0 $1$84..vD4.$Ps1PdaLWRoaiWDKCfjLyV1 $1$or1.RY4.$v3xo04v1yfB7JxDj1sC/J/ While I believe crypt() is …

Read More