The info jatar_k posted in there is pretty good. I generally use MD5, although I've seen people use sha1, as well.
For very basic protection you could use the ROT-13 encoding using the str_rot13 function. However, it would only stop people with a mental age of around 5 ;)
MD5 and SHA-1 are both hashing algorithms, so in theory they are one-way. Both have been shown to have collisions, as they are not strictly 1:1 algorithms.
A while ago I wrote something that would 'decrypt' MD5 in about 15 mins while running in the background of a normal PC. While it wouldn't guarantee to provide the original string that was hashed, it would provide a string that produced the same hash in the end. Search the web for rainbow tables and you will find information that will help to 'decrypt' hashes.
PHP does have full encryption algorithms, so if you want to be able to go both ways, see [uk3.php.net...]
For the majority of applications, md5 or sha1 is going to be an acceptable level of security, as you are only hashing inputs as an additional security measure. sha1 is going to be more secure, as it is more complex than md5.
If you want increased security then use a pre-set string at the start and/or end of the user-supplied password, i.e.:
user-supplied password: $p = 'let me in';
your stored password is:
md5('myrandomstartstring123456789'.$p.'morerandomrubbish654652135465');
This only helps as collisions are more likely the smaller the input string... it still doesn't help if someone wants to make their password something stupid.
The largest security risk that you have is people choosing their own password and using the all too common list - password, letmein, their name, opensaysme (or similar), etc. If you can stop people from using stupid passwords then you will have got most of the way through the battle of securing your system.
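An added example, not code from the thread, that implements the "fixed string around the password" scheme from the post above and goes one step further with a per-user random salt, so two users who pick the same weak password do not end up with the same stored hash. The constant names, helper function names and the two 'letmein' users are assumptions made for the example.

```php
<?php
// Added example (not from the thread). The two fixed strings are the ones
// used in the post above; sha1 is used instead of md5 as the post suggests.
const FIXED_PREFIX = 'myrandomstartstring123456789';
const FIXED_SUFFIX = 'morerandomrubbish654652135465';

// Scheme exactly as posted: one site-wide fixed string wrapped around the password.
function hashWithFixedString(string $password): string
{
    return sha1(FIXED_PREFIX . $password . FIXED_SUFFIX);
}

// Same idea plus a per-user random salt that is stored next to the hash.
// The salt is public; its job is to make identical passwords hash differently,
// which defeats a single precomputed (rainbow) table for the whole user base.
function hashWithSalt(string $password, ?string $salt = null): array
{
    $salt = $salt ?? bin2hex(random_bytes(16));          // 32 hex chars, new per user
    $hash = sha1(FIXED_PREFIX . $salt . $password . FIXED_SUFFIX);
    return ['salt' => $salt, 'hash' => $hash];
}

// Recompute with the stored salt and compare in constant time.
function verifyPassword(string $password, array $stored): bool
{
    $candidate = hashWithSalt($password, $stored['salt'])['hash'];
    return hash_equals($stored['hash'], $candidate);
}

// Two users who both chose 'letmein' (from the post's list of bad passwords).
$userA = hashWithSalt('letmein');
$userB = hashWithSalt('letmein');

echo "fixed string only (same for both users): ", hashWithFixedString('letmein'), "\n";
echo "user A salted: ", $userA['hash'], "\n";
echo "user B salted: ", $userB['hash'], "\n";   // differs from A: different salt

var_dump(verifyPassword('letmein', $userA));    // bool(true)
var_dump(verifyPassword('let me in', $userA));  // bool(false)
```

Current PHP releases ship password_hash() and password_verify(), which do the salting for you with a deliberately slow hash; prefer those over a hand-rolled sha1 scheme like this one.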