Wondering which is better, im going to be making a PHP website soon and id like to use the better one of the 2 ( or if any other is recommended. ). Im going to be scrambling the password then MD5 / sha256 ( w/e i used ) to that. Perhaps add some other stuff to make it harder. This way if they get my DB they wont be able to just crack / brute force the MD5 / sha256 ( or w/e )and get the password.
Can you PM me one of these converters? I just want to see what you mean because afaik MD5 cant really be taken back into its text form, or w/e forum, all you can do from what I have read is brute force it or dictionary attack it until it gets something that matches the MD5 your trying to crack.
Basically just has a large list of supposed passwords, and guesses them. If the MD5 of the password = the MD5 given to crack then its right ( well, wont be the right password if they do that to mine, because it will be all scrambled and stuff ).
use a combo of sha1, and md5. MD5 is beatable by bruteforcing, and there are many sites that store md5 hashes and their outcome. just like: md5(sha1( string ) ); or: sha1(md5( string ) );
Well, i was thinking of doing that as well. have: (sha256(md5(*unix timestamp when they register*))+sha256(md5(password))) ( not the actual code obviously ), but yea, that should be secure enough. Considering to brute force it might take a long while
