0
I usually store users' passwords via MD5 in the database. Being that I participate in a group, and the staff there said that it is not recommended to use MD5 for storing data in the database, as it can be easily broken. Getting to the point where they say that using MD5 is the same thing as saving the data in the normal way (without using something for hash).
My question is whether it is safe to store data in the database with MD5 and the SHA (which is the best way) and whether there is another safer way to encrypt data. The question boils down to MYSQL. But if you have any PHP placement that involves this, it would also be useful.
Thank you!
None of these are made for passwords. You need a KDF, more specifically a PBKDF, and not a hash. Use the Argon2, PHP natively supports on
password_hash, there are several questions about this.– Inkeliz
As you can see in the reply that was marked as duplicate, using a pure hash to store password is not very good, because the hash of a weak password is probably already in a "rainbow table" and can be searched even in Google (look for d3b07384d113edec49eaa6238ad5ff00 and you will find that "foo" is the word that originated). The least possible is to use a "spice" or "salt" to prevent this, and the ideal is to use a specific routine for passwords like bcrypt() that avoid other weaknesses related to the use of pure hash to obfuscate passwords.
– epx
Very complete the answer there. It really is perfect for my case.
– Gato de Schrödinger