
Don’t use MD5 for password hashing! You can migrate to BCrypt or another stronger hashing algorithm

If you are starting to learn programming and you build apps with login systems, you need a username and password to log in to your system. The username and password need protection more than any other data in your database. So, we need a hashing algorithm to store passwords safely.

First, you must know that a HASH is not ENCRYPTION!

Newbies often ask in programming forums things like, “How do I set up secure passwords using MD5 encryption?” or SHA1. This is not really correct, because MD5 and SHA1 are hashing algorithms, not encryption. What is the difference? OK, I’ll tell you the difference between hashing and encrypting.

When we encrypt, we have plaintext and we get ciphertext. Ciphertext isn’t readable by humans. But if we have the ciphertext, we can decrypt it to recover the plaintext. Encrypt and decrypt: that is the concept.

But when we hash, we have plaintext and we get a hashed output, and we cannot decrypt that output back into the plaintext. To check a password, we just hash the input and compare it with the hash stored in the database.

So, now you know the difference. What should we use for passwords? From the CodeIgniter user guide, I know that hashing is more secure than encoding: “This is as good as storing them in plain-text. Really. Do hashing, not encoding.”

And if we do hashing, why does the title of this article say don’t use MD5? Yeah, it’s a favorite among newbies, but it is too old. And there are many hashing algorithms available. You can use BCrypt; it’s included in PHP, so we just use the function. It’s more secure than MD5. Don’t use MD5, SHA1 or similar. And don’t use plain text, by the way. Hehehe

_ Sutriman
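
The migration from MD5 to BCrypt mentioned in the title can happen at login time, when the user's plaintext password is briefly available to be re-hashed. The PHP code below is an added example, not code from the original article; the in-memory `$users` array, the `login()` function and the sample passwords are hypothetical stand-ins for a real user table and login handler.

```php
<?php
// Added example (not from the original article).
// Constructed sample data: username => stored password hash.
$users = [
    'alice' => md5('correct horse battery'),                  // legacy unsalted MD5 row
    'bob'   => password_hash('s3cret-pass', PASSWORD_BCRYPT), // already BCrypt
];

// Hypothetical policy: the BCrypt work factor we currently want for every row.
const BCRYPT_OPTIONS = ['cost' => 12];

/**
 * Check a login. A legacy MD5 row is upgraded to BCrypt as soon as the
 * correct password is presented; a BCrypt row is re-hashed if its cost
 * is below the current policy. Returns true when the password matches.
 */
function login(array &$users, string $username, string $password): bool
{
    if (!isset($users[$username])) {
        return false;
    }
    $stored = $users[$username];

    // A raw MD5 digest is exactly 32 hex characters; BCrypt output is
    // 60 characters and starts with "$2y$", so the two cannot be confused.
    if (preg_match('/^[0-9a-f]{32}$/', $stored) === 1) {
        // hash_equals() compares in constant time.
        if (!hash_equals($stored, md5($password))) {
            return false;
        }
        // Correct password: replace the MD5 digest so it is never stored again.
        $users[$username] = password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
        return true;
    }

    if (!password_verify($password, $stored)) {
        return false;
    }
    if (password_needs_rehash($stored, PASSWORD_BCRYPT, BCRYPT_OPTIONS)) {
        $users[$username] = password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
    }
    return true;
}

var_dump(login($users, 'alice', 'wrong guess'));           // bool(false), row unchanged
var_dump(login($users, 'alice', 'correct horse battery')); // bool(true), row upgraded
var_dump(strpos($users['alice'], '$2y$') === 0);           // bool(true), now BCrypt
var_dump(login($users, 'alice', 'correct horse battery')); // bool(true), via password_verify()
```

Accounts that never log in again keep their MD5 digest under this approach, so they need a forced password reset or a separate cleanup.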