If you want to use a different alogo other than md5
Try print_r(hash_algos()); I got Array ( [0] => md2 [1] => md4 [2] => md5 [3] => sha1 [4] => sha256 [5] => sha384 [6] => sha512 [7] => ripemd128 [8] => ripemd160 [9] => ripemd256 [10] => ripemd320 [11] => whirlpool [12] => tiger128,3 [13] => tiger160,3 [14] => tiger192,3 [15] => tiger128,4 [16] => tiger160,4 [17] => tiger192,4 [18] => snefru [19] => gost [20] => adler32 [21] => crc32 [22] => crc32b [23] => haval128,3 [24] => haval160,3 [25] => haval192,3 [26] => haval224,3 [27] => haval256,3 [28] => haval128,4 [29] => haval160,4 [30] => haval192,4 [31] => haval224,4 [32] => haval256,4 [33] => haval128,5 [34] => haval160,5 [35] => haval192,5 [36] => haval224,5 [37] => haval256,5 ) _____ From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of Karl Sent: 06 November 2008 15:58 To: [email protected] Subject: [phpug] Re: Hash salting best practise Thanks for that link Robin... yup, an interesting 'tool' that MD5 cracker... However it failed almost every hash I threw at it that was longer than 8 chars, even common dictionary words. Not sure if it was a true 'common thread' but I found that a hash it COULD crack became uncrackable if I took the numerical component and placed it roughly in the middle, as opposed to start or finish. eg: 'niggle23' was cracked in no time flat, but 'nig23gle' was uncrackable. I am thinking I might have to run the hashes stored in our database through that 'tool' and those that fail get their "update your password time" flag set... and update the page to include better advise on choosing stronger passwords. Does anyone know of an Apache module for SHA-256? The only one installed on the shared server we use is SHA-1. Cheers... *********** REPLY SEPARATOR *********** On 6/11/2008 at 3:18 p.m. Robin wrote: And if you think that if your hashed (unsalted) passwords are safe take a look at this site http://gdataonline.com/seekhash.php Sha256 is more commonly known to be the best practice alogo --- Karl Senior Account Manager <http://www.kiwireviews.co.nz/> www.KIWIreviews.co.nz ... Where Your Views Count Please consider the environment before printing this email. Supporting Palmerston North's Santa... see our Community Gold Project page: <http://www.KIWIreviews.co.nz/santa> http://www.KIWIreviews.co.nz/santa - To be seen on TVNZ's 'Mucking In' show! --~--~---------~--~----~------------~-------~--~----~ NZ PHP Users Group: http://groups.google.com/group/nzphpug To post, send email to [email protected] To unsubscribe, send email to [EMAIL PROTECTED] -~----------~----~----~----~------~----~------~--~---
