
Is my data safe with encryption?

user8355629
1#
user8355629 Published in 2017-12-07 19:21:36Z

This question already has an answer here:

  • Secure hash and salt for PHP passwords 14 answers

When storing passwords in PHP/MySQL, can I assume the passwords to be safe if I were to run the MD5 algorithm again and again, in combination with text replacement and rotation?

OhHeyItsDurn
2#
OhHeyItsDurn Reply to 2017-12-07 19:31:28Z

No, this is not safe. You should definitely hash passwords and other sensitive data with a salt appended with the password. This makes it difficult to obtain the password and instead an attacker would have to compare hashes to the existing value for extra security.

zaph
3#
zaph Reply to 2017-12-07 19:32:56Z

No, MD5 is not secure to use to create a password verifier.

With PHP, use password_hash and password_verify; the pair are secure and easy to use.

When saving a password verifier, just using a hash function is not sufficient, and just adding a salt does little to improve the security. Instead, use a function such as PBKDF2, Rfc2898DeriveBytes, Argon2, password_hash, Bcrypt or similar functions with about a 100ms duration. Make the attacker spend a substantial amount of time finding passwords by brute force.
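
Added example, not part of any post above: a sketch of the password_hash / password_verify pair with the bcrypt cost tuned to roughly the 100 ms mentioned in the last answer, plus an upgrade of older verifiers at login. The function names calibrateBcryptCost, makeVerifier and checkLogin are hypothetical, and the sample password is constructed.

```php
<?php
declare(strict_types=1);

// Find the lowest bcrypt cost whose hashing time reaches the target (about 100 ms)
// on this machine. Run once at deploy time and store the result in configuration.
function calibrateBcryptCost(float $targetSeconds = 0.1, int $min = 10, int $max = 16): int
{
    for ($cost = $min; $cost < $max; $cost++) {
        $start = microtime(true);
        password_hash('calibration-sample', PASSWORD_BCRYPT, ['cost' => $cost]);
        if (microtime(true) - $start >= $targetSeconds) {
            return $cost;
        }
    }
    return $max;
}

// Create the verifier to store. password_hash generates a random salt itself and
// embeds the algorithm, cost and salt in the returned string.
function makeVerifier(string $password, int $cost): string
{
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => $cost]);
}

// Check a login attempt. Returns [ok, newVerifierOrNull]; a non-null second element
// means the stored verifier used different parameters and should be replaced.
function checkLogin(string $password, string $stored, int $cost): array
{
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    $upgraded = password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => $cost])
        ? makeVerifier($password, $cost)
        : null;
    return [true, $upgraded];
}

// Constructed sample data, for demonstration only.
$cost   = calibrateBcryptCost();
$stored = makeVerifier('correct horse battery staple', $cost);
var_dump(checkLogin('correct horse battery staple', $stored, $cost)[0]);
var_dump(checkLogin('wrong guess', $stored, $cost)[0]);

// A verifier created at a lower cost still verifies and is flagged for upgrade.
$old = makeVerifier('correct horse battery staple', 4);
[$ok, $new] = checkLogin('correct horse battery staple', $old, $cost);
var_dump($ok, is_string($new));
```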
