Common hashing functions are unsuitable for passwords

According to the PHP team, common hashing functions such as md5() and sha1() are unsuitable for passwords. Why? They're too fast, and therefore not so secure and open to brute-force cracking. No matter what you think about this, we must admit that the md5() function is listed among “Text Functions” in PHP's docs, so it doesn't even touch the “Encryption” or “Security” parts of the documentation.

Mcrypt seems to be a good alternative to those. And the mcrypt-module-open function page contains a good example of both encrypting and decrypting with mcrypt. See the mentioned article for more details and other alternatives.
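To make the speed argument concrete, here is an added example (not code from the original post) that measures md5() throughput against a deliberately slow, salted password hash. It assumes PHP 5.5 or later and uses password_hash() and its companion functions, which the post itself does not name; the password and cost values are constructed for illustration.

```php
<?php
// Added example: fast digest versus PHP's purpose-built password API.
// Assumption: PHP >= 5.5. The password and cost values are constructed samples.

$password = 'correct horse battery staple'; // constructed sample input

// 1. Throughput of a fast hash: a rough count of how many candidate
//    passwords one CPU core can test per second against an md5() digest.
$rounds = 200000;
$start = microtime(true);
for ($i = 0; $i < $rounds; $i++) {
    md5($password . $i);
}
$md5PerSecond = $rounds / (microtime(true) - $start);

// 2. A salted, adjustable-cost password hash (bcrypt). Each increment of
//    "cost" doubles the work needed per guess.
$options = ['cost' => 12];
$start = microtime(true);
$stored = password_hash($password, PASSWORD_BCRYPT, $options);
$bcryptSeconds = microtime(true) - $start;

printf("md5:    about %d hashes per second\n", $md5PerSecond);
printf("bcrypt: about %.1f hashes per second (cost %d)\n",
    1 / $bcryptSeconds, $options['cost']);

// 3. The algorithm, cost and random salt are embedded in the stored string,
//    so verification needs only the candidate password and the stored value.
$goodLogin = password_verify($password, $stored);
$badLogin  = password_verify('wrong guess', $stored);
var_dump($goodLogin, $badLogin);

// 4. When the cost is raised later, upgrade the stored hash at the next
//    successful login, while the plaintext password is briefly available.
$newOptions = ['cost' => 13];
if ($goodLogin && password_needs_rehash($stored, PASSWORD_BCRYPT, $newOptions)) {
    $stored = password_hash($password, PASSWORD_BCRYPT, $newOptions);
}

// Show the cost now recorded inside the stored hash.
var_dump(password_get_info($stored)['options']['cost']);
```

The gap between the two printed rates is the point of the post: every guess against the slow hash costs an attacker several orders of magnitude more work than a guess against md5().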
