One big mistake is storing passwords in the database unprotected, without hashing them.
Whoever gets access to the database can then log in directly.
The most used hash types in PHP are md5, sha1, sha256 and sha512. SHA-512 is the strongest of them.
MD5 hashes can be cracked very fast because large precomputed lists of password hashes exist.
If you take an MD5 hash to an online "decrypt" site, there is a good chance it will be cracked: they may already have the MD5 hash of your password stored in their database.
Best tips:
- Use sha512
- Use a strong password
- Use salts
<?php echo hash('sha512', 'mypass'); ?>
Using different letter combinations is better, e.g. gA@2#j,J%19&
Salts
A salt is a secret word that gets combined with the password or with the hash. This method is the best as long as the attacker does not have file read access to read the hash.
Salting the password
<?php
$pass = "gj.mgat.5d%GA";
$salt = "wK5&.gdxmja,5";
$pass = $pass.$salt;           // append the salt to the password before hashing
$pass = hash('sha512', $pass); // hash the salted password
echo $pass;
?>
Salting the hash
<?php
$pass = "gj.mgat.5d%GA";
$salt = "wK5&.gdxmja,5";
$pass = hash('sha512', $pass); // hash the password first
$pass = $pass.$salt;           // then append the salt to the hash
echo $pass;
?>
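The two snippets above use one fixed salt for everybody. The following is an added example, not code from the original post, showing the same sha512-plus-salt idea with a random salt per user stored next to the hash, and a constant-time check at login; the function names makeSaltedHash and verifySaltedHash are hypothetical.

```php
<?php
// Added example (not from the original post): per-user random salt with SHA-512,
// the salt stored alongside the hash, and a constant-time comparison at login.
// Function names are hypothetical; the password values are constructed for the demo.

function makeSaltedHash(string $password): array {
    // A fresh random salt per user means two users with the same password
    // get different hashes, and a precomputed hash list cannot be reused.
    $salt = bin2hex(random_bytes(16));           // 32 hex characters
    $hash = hash('sha512', $salt . $password);   // the salt goes into the hash input
    // Store both fields in the user record. The salt does not need to stay
    // secret; its job is to defeat precomputation and cross-user matching.
    return ['salt' => $salt, 'hash' => $hash];
}

function verifySaltedHash(string $password, array $record): bool {
    // Recompute with the stored salt, never with a fresh one.
    $candidate = hash('sha512', $record['salt'] . $password);
    // hash_equals compares in constant time, so an attacker cannot learn
    // how many leading characters matched from the response time.
    return hash_equals($record['hash'], $candidate);
}

// Demo with constructed data: the same password registered twice.
$first  = makeSaltedHash('gj.mgat.5d%GA');
$second = makeSaltedHash('gj.mgat.5d%GA');

echo "same password, different stored hashes: ",
     var_export($first['hash'] !== $second['hash'], true), "\n";
echo "correct password accepted: ",
     var_export(verifySaltedHash('gj.mgat.5d%GA', $first), true), "\n";
echo "wrong password rejected: ",
     var_export(!verifySaltedHash('wrong-password', $first), true), "\n";
```

A single SHA-512 round is still fast to brute-force, so for a real login system PHP's built-in password_hash() and password_verify() (which use a deliberately slow hash) are the better choice; the block keeps the post's sha512-plus-salt scheme to show how per-user salting changes the stored values.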
Thanks to thecodertips