PHP.net says that md5() and sha1() unsuitable for password?

Question

http://www.php.net/manual/en/faq.passwords.php#faq.passwords.fasthash

I\'m storing user passwords in a MySQL database in hash form. Does this mean that it is unsafe to d

Answer 1

Has been answered many times before. You can use something like SHA-256 http://php.net/manual/en/function.hash.php but you should also salt the password before hashing it and you can iteratively hash the password - so in the unlikely event it is cracked it will only reveal another hash (in other words, cracking the password takes much longer).

Answer 2

The next question in the FAQ you linked to discusses it: How should I hash my passwords, if the common hash functions are not suitable?

From the FAQ:

The suggested algorithm to use when hashing passwords is Blowfish, as it is significantly more computationally expensive than MD5 or SHA1, while still being scalable.

The question following that is about salt.

Answer 3

As the page you linked to recommends, use the PHP crypt() function with the Blowfish algorithm. Also, use a varying salt for each call to crypt(). You can store the salt values in the same database table as the password, so that it can be used when you compare the passwords later.

To call crypt() with the Blowfish algorithm, use a salt that begins with $2a$, followed by a number (the "cost parameter") between 04 and 31, followed by a $, and then 22 digits from the alphabet ./0-9A-Za-z.

The PHP: crypt manual contains more details on how to use crypt()

Answer 4

Read the next section of the link: How should I hash my passwords, if the common hash functions are not suitable?

Answer 5

For a concrete example of why using plain, unsalted MD5 for password hashing is a bad idea, try entering the MD5 hashes of some reasonably common passwords into a site like md5decrypter.co.uk or md5hashcracker.appspot.com or md5this.com. Or just into Google, which indexes most of those sites (and many others too).