I have a LAMP (PHP) website which is becoming popular.
I played it safe by storing the user passwords as md5 hashes.
But I now see that's not secure; I should h
A great way to update the passwords while also making them more secure is to change to using a salted SHA1 for passwords. A SHA1 is harder to create a collision against, and it also has a different string length to MD5. An MD5 is 32 characters long, while a SHA1 is 40 characters long.
To convert these in PHP, you first check the string length of the stored password. If it is 32 characters long, check the password using your old method and afterwards, write a new one using SHA1 to the database.
If I remember correctly, this is precisely how WordPress handled this issue.
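The length-check migration described in this answer, as an added PHP example that is not part of the original post. It keeps the answer's dispatch on the 32-character MD5 length but, as a named swap, writes the replacement with PHP's built-in `password_hash()` (bcrypt, which carries its own salt and is deliberately slow) instead of a hand-rolled salted SHA1; the `$users` array is a hypothetical stand-in for the database table.

```php
<?php
// Added example (not from the original post): migrate legacy unsalted MD5
// password hashes at login time, using the string-length check from the answer.
// $users is a hypothetical stand-in for the users table; the new scheme is
// password_hash() rather than the answer's salted SHA1 (named swap, see lead-in).

const MD5_HEX_LENGTH = 32;

/**
 * Verify $password against the stored hash.
 * Returns: a new hash string when the row must be rewritten (legacy MD5 row,
 * or a modern hash whose cost/algorithm is outdated), true when the login is
 * valid and nothing needs rewriting, false when the password is wrong.
 */
function verifyAndMigrate(string $password, string $stored)
{
    if (strlen($stored) === MD5_HEX_LENGTH && ctype_xdigit($stored)) {
        // Legacy row: check with the old md5() method, in constant time.
        if (!hash_equals($stored, md5($password))) {
            return false;
        }
        // Password is correct, so replace the MD5 with a modern hash now,
        // while the plaintext is available.
        return password_hash($password, PASSWORD_DEFAULT);
    }

    // Already-migrated row (bcrypt output is 60 chars, never 32 hex digits).
    if (!password_verify($password, $stored)) {
        return false;
    }
    // Opportunistically upgrade if PHP's default cost/algorithm has changed.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        return password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

// Constructed sample data: one user still on the legacy MD5 scheme.
$users = ['alice' => md5('correct horse')];

$result = verifyAndMigrate('correct horse', $users['alice']);
if ($result === false) {
    echo "login failed\n";
} else {
    if (is_string($result)) {
        // In a real app: UPDATE users SET password = ? WHERE name = 'alice'
        $users['alice'] = $result;
    }
    echo "login ok; stored hash is now " . strlen($users['alice']) . " chars\n";
}
```

Rows that still hold a 32-character value after deployment belong to users who have not logged in since the change; their hashes stay as weak as before until they do, so it is worth tracking how many remain.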