Secure hash and salt for PHP passwords

It is currently said that MD5 is partially unsafe. Taking this into consideration, I’d like to know which mechanism to use for password protection.

This question, Is “double hashing” a password less secure than just hashing it once?
suggests that hashing multiple times may be a good idea, whereas How to implement password protection for individual files? suggests using salt.

I’m using PHP. I want a safe and fast password encryption system. Hashing a password a million times may be safer, but also slower. How to achieve a good balance between speed and safety? Also, I’d prefer the result to have a constant number of characters.

  1. The hashing mechanism must be available in PHP
  2. It must be safe
  3. It can use salt (in this case, are all salts equally good? Is there any way to generate good salts?)

Also, should I store two fields in the database (one using MD5 and another one using SHA, for example)? Would it make it safer or unsafer?

In case I wasn’t clear enough, I want to know which hashing function(s) to use and how to pick a good salt in order to have a safe and fast password protection mechanism.

Related questions that don’t quite cover my question:

What’s the difference between SHA and MD5 in PHP
Simple Password Encryption
Secure methods of storing keys, passwords for
How would you implement salted passwords in Tomcat 5.5

Source: Stackoverflow Php

Share on Facebook0Tweet about this on Twitter0Share on Google+0Pin on Pinterest0Share on LinkedIn0Share on Reddit0
It's only fair to share...

Add Comment

Required fields are marked *. Your email address will not be published.