{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 做自己的国王 的问题《What is better? Password_hash vs. SHA256 vs. SHA1》','https://www.manongdao.com/q-528196.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
What is better with salt for password storage?
MD5:
$hash = md5($password . $salt);
Password_hash:
$hash = password_hash($password, PASSWORD_DEFAULT, $salt);
SHA1:
$result = sha1($salt.$string);
相关问题
- How to Hex Encode a SHA-256 Hash
- sha256 of locally built docker image
- Powershell Speed: How to speed up ForEach-Object M
- Karma unit test / STORE - state undefined
- Best way to store an IPv6 in UNKNOWN DB?
相关文章
- Asynchronous SHA256 Hashing
- How do you connect to MySQL using PHP's mysqli
- How to get unsigned md5 hash in Java
- C# MD5 calculation issue
- Java SHA-1 hash an unsigned BYTE
- Different RSA signatures when using OpenSSL and An
- SHA1 for Specific String in iOS
- how to make a MD5 batch virus scanner? [closed]
You should absolutely use the password_hash() function without providing your own salt:
The function will generate a safe salt on its own. The other algorithms are ways too fast to hash passwords and therefore can be brute-forced too easily (about 8 Giga MD5 per second).
Salts are great when you are storing lots of passwords, otherwise they are fairly useless since they are stored in plaintext. If an attacker manages to get your hashed passwords, then assume that they can get their hands on your salts. Use SHA-256 because it's a cryptographically strong hash function, and use salts. But most importantly, just use strong passwords combined with strong hashing algorithms.