Can I md5(sha1(password))?

Question

I\'m currently coding my own CMS and I\'m at the state of password...

I want to know if I can md5 a password then sha1 it after?

Li

Answer 1

You can do this, but there's no real benefit to it. If you're running your passwords through md5(), you'll get a bit more security from adding a cryptographic salt.

What is SALT and how do I use it? has more info on that.

The other bit of advice you may hear a lot is to not use MD5. SHA1 is comparatively stronger, and you only need to change your password field in your database to accept a 40 character string.