Doubt about Encryption in passwords

Asked

Viewed 40 times

0

I would like to know the difference between MD5 and SHA256 in passwords. If there is one that is safer and which and when it is better to use one or the other.

1 answer

0

Both are hashing algorithms, because MD5 is currently considered broken, that is, its use is not recommended.

SHA256 is a little safer than MD5 and SHA1 (also considered broken), but it is also not ideal for using in passwords. One of the main reasons is because SHA256 as well as MD5 are made to be fast and are quite vulnerable to Rainbow Tables.

Currently one of the solutions is to use a slow algorithm and preferably use a salt. PHP from version 5.6 supports BCRYPT natively and if I’m not mistaken from version 7.2 also supports ARGON2 which are excellent algorithms for hashing passwords.

To use them, there are password_hash() and password_verify functions().

http://php.net/manual/en/function.password-hash.php

http://php.net/manual/en/function.password-verify.php

Browser other questions tagged

You are not signed in. Login or sign up in order to post.