stackoom
  简体   繁体   中英

How can I make this more secure?

 原文  2012-06-18 00:04:17       php/ login/ hash

Question

I am making a login system in PHP and I was wondering if this current hash function I have is secure enough. 

public function genHash( $user, $pass )
{
    $user = strtoupper($user);
    $staticSalt  = $this->staticSalt;
    $dynamicSalt = hash('SHA512', md5($user . $pass) . sha1($pass) . hash('SHA512', $user . $pass));
    $final       = hash('WHIRLPOOL', $pass . $dynamicSalt . $staticSalt);
    return $final;
}

The static salt is just a bunch of random characters. Anyway, how can I make it more secure?

1 answers

solution1
 2  2012-06-18 00:08:40

You could use different salts for each user and store them in the database but besides that this system looks pretty secure. (Not knowing the details of the server).

EDIT:

Theoretically multihashing a string increases the chance of hash collisions but I haven't found anything reliable that says this is a practical risk.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How can I make $_SESSIONs more secure? how can I make new users password more secure? How Can I Make This Login System More Secure How can I make MD5 more secure? Or is it really necessary? How can I make this php database class more secure? How could I make this PHP $_POST more secure? -Or is it secure already? How can I make these three statements more secure against SQL injection? How do i make $_GET more secure.? How to make more secure login system with codeigniter? How to make this login/redirect method more secure
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM