stackoom
  简体   繁体   中英

Double Hashing Using MD5 with SHA-1

 原文  2014-02-26 02:07:45       php/ mysql/ sql/ hash

Question

The following code creates an MD5 hash and then hashes it again with SHA-1 – is this secure? 

$user = $_POST['username'];
$username = mysqli_real_escape_string($mysqli, $user);
$pass = md5($_POST['password']);
$password = sha1($pass);

Does this increase collision possibilities?
Are there any other ways in order to hash and be very fast in processing the password?

2 answers

solution1
 2  2014-02-26 02:45:24

There is no practical advantage over single hashing.

Note that MD5 is now considered broken as it is vulnerable to many practical attacks, and algorithms such as SHA1 are not recommended for password hashing.

There are algorithms designed specifically for password hashing, such as PBKDF2. You should use PBKDF2 as your hash - see this question on security.stackexchange.com. .

solution2
 0  2015-06-16 15:11:15

Use sha2 https://dev.mysql.com/doc/refman/5.5/en/encryption-functions.html#function_sha2 

mysql> SELECT SHA2('abc', 224);

SHA2() can be considered cryptographically more secure than MD5() or SHA1().

SHA2() was added in MySQL 5.5.5.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Password Hashing, BCrypt to SHA1/MD5 PHP - MD5, SHA, Hashing security Multiple times hashing with MD5 and SHA1 hashing the password using md5 md5 hashing using password as salt? PHP MD5 hashing PHP md5 hashing not working Using crc32 over md5 for hashing memcached keys Password hashing in php MD5 phpspreadsheet use of the MD5 hashing
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM