{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 我命由我不由天 的问题《What is the most secure hashing method? (PHP)》','https://www.manongdao.com/q-1220902.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I have just noticed that I have SHA512 in my PHP installation. Is it more secure than SHA1? Is it the most secure hashing method (I need for passwords, not for file integrity checking)?
相关问题
- Views base64 encoded blob in HTML with PHP
- Laravel Option Select - Default Issue
- PHP Recursively File Folder Scan Sorted by Modific
- Can php detect if javascript is on or not?
- Using similar_text and strpos together
Sha512 is better.. I also would recommend to use salt
Also see: Secure hash and salt for PHP passwords
In response to @Buddy, speed is not your friend when hashing; the slower the better. If someone is trying to brute force your password, an algorithm that takes a long time will mean the hack will take a long time.
You can try This Link , it is a library for doing randomly generated salt hashing ,one of the most secure way of password hashing and user authentication.
I asked this question long time ago.
The answer is to always use an algorithm that has been designed for this, and has passed the test of time.
Currently, that algorithm would be bcrypt (there are 2 others but I don't remember their names). There are bcrypt implementations in every language, so just find one and use it. If computers keep getting faster (which would weaken your hashes), you can increase the number of rounds used to make it slower (it scales with hardware).
md5, sha1, sha512, etc: they suck for passwords. How much they suck? You can bruteforce average length passwords in hours or even seconds with your laptop. And that's ok, they weren't designed for securing passwords. They can still be used as cryptographic primitives though, eg: you can implement bcrypt using md5.