Doubt about Cryptography in passwords [duplicate]

0

I would like to know the difference between MD5 and SHA256 in passwords. If there is a more secure one and when and when it is better to use one or the other.

    
asked by anonymous 29.03.2018 / 16:48

1 answer

0

Both are hashing algorithms, however MD5 is currently considered broken, that is, its use is not recommended.

SHA256 is a bit safer than MD5 and SHA1 (also considered broken), but also not ideal for use in passwords. One of the main reasons is because SHA256 as well as MD5 are meant to be fast and are quite vulnerable to rainbow tables.

Currently one of the solutions is to use a slow algorithm and preferably use a salt. PHP from version 5.6 natively supports BCRYPT and if I am not mistaken from version 7.2 it also supports ARGON2 which are excellent algorithms for hashing of passwords.

To use them, there are the password_hash () and password_verify () functions.

link

link

    
29.03.2018 / 17:38