Privacy on your website will be paramount to your success. In the world of application development, security can sometimes be overlooked (normally because accessibility is considered more important). Luckily, modern theories in coding mean we now can now be accessible and secure.
Hashing is a really simple technique to hide data using a one way encryption. It’s especially necessary when dealing with users passwords (In a recent study, 60% of respondents use a similar passwords). Here is an example of how to hash using the MD5 function:
<?php
$password = md5('password');
// $password will now return 5f4dcc3b5aa765d61d8327deb882cf99
?>
However, we can improve on this code. Many hackers now use Rainbow tables to reverse the one-way encryption (and thus find out the secret data). Luckily programmers have come up with a new technique to combat this…Adding a pinch of salt to a hash. In programming terms, a salt is essentially an extra piece of information we add to what the user input to make it unusual. Here is an example how to code this:
<?php
$salt = '%$£Salt_Here*(&^';
$password = md5('password'.$salt);
// $password will now return 5747563a265df7a3250884394c0a05e0
?>
Related Posts
PHP Security Consortium: Password Hashing
Essential PHP Security
[...] Hashing passwords is mostly important from a privacy view point; if a hacker gets in they could sell your users details. To make matters worse you could also face a large amount of bad publicity from a [...]
Huh, I’ll be sure to try this out next time when I’m MD5 hashing!