Kommentare zu: PHP: Easy and secure password hashing class

Von: Julius

Julius — Fri, 18 May 2012 21:03:30 +0000

@misterjack
I would not use that hashing class, because its code does not apply the common PHP standards.
Also it is very common code that might have holes that could be misused.

Von: misterjack

misterjack — Tue, 15 May 2012 09:08:42 +0000

there is only one true password-hashing-class: http://www.openwall.com/phpass/

Von: Julius

Julius — Mon, 05 Apr 2010 10:09:58 +0000

Hi martin,
reversing is not possible with a hash.
A hash can be compared with a fingerprint of something. If something has the same fingerprint, it has to be the same thing.
What you are asking for is a encryption. By using a key you can encrypt and decrypt the data.
Use hashes for storing passwords. Use encryption for storing sensitive things like credit card numbers.

Von: martin

martin — Sun, 04 Apr 2010 23:05:20 +0000

I'm testing your class and it works fine but, what about reversing hash data into a human readable word again?

Von: Julius

Julius — Sun, 31 Jan 2010 12:59:35 +0000

This is basically true. But this information aims mostly for normal hashing routines. The class is intended to produce a hash that is not usual. There are many rumours about hashing out there but not everyone is true. If you want to use sha1() instead of md5(), it is easily exchangeable.

Von: Jani Hartikainen

Jani Hartikainen — Sun, 31 Jan 2010 12:27:21 +0000

I've read in a few places that md5 is not really a good choice nowadays. sha1 is much better, and at least I've started using it instead of md5.