Home Is my data safe with encryption?
Reply: 2

Is my data safe with encryption?

user8355629 Published in 2017-12-07 19:21:36Z

This question already has an answer here:

  • Secure hash and salt for PHP passwords 14 answers

In storing passwords in php mysql, can i assume the passwords to be safe if i were to run md5 algorithm again and again and with combination of text replacement and rotation?

OhHeyItsDurn Reply to 2017-12-07 19:31:28Z

No this is not safe. You should definitely hash passwords and other sensitive data with a salt appended with the password. This makes it difficult to obtain the password and instead an attacker would have to compare hashes to the existing value for extra security.

zaph Reply to 2017-12-07 19:32:56Z

No, MD5 is not secure to use to create a password verifier.

With PHP use password_hash and password_verify, the pair are secure and easy to use.

When saving a password verifier just using a hash function is not sufficient and just adding a salt does little to improve the security. Instead use a function such as PBKDF2, Rfc2898DeriveBytes, Argon2, password_hash, Bcrypt or similar functions with about a 100ms duration. Make the attacker spend substantial of time finding passwords by brute force.

You need to login account before you can post.

About| Privacy statement| Terms of Service| Advertising| Contact us| Help| Sitemap|
Processed in 0.307992 second(s) , Gzip On .

© 2016 Powered by mzan.com design MATCHINFO