PHP Classes
elePHPant
Icontem

Why?

Recommend this page to a friend!

      Yet Another Hash Package  >  All threads  >  Why?  >  (Un) Subscribe thread alerts  
Subject:Why?
Summary:...
Messages:2
Author:Scott Arciszewski
Date:2018-02-04 08:42:41
 

  1. Why?   Reply   Report abuse  
Scott Arciszewski - 2018-02-04 08:42:41
Why would anyone want to use this instead of, say, password_hash()?

md5(sha1()) isn't exactly the gold standard of password hashing.

mathstat.dal.ca/~selinger/md5collis ...

shattered.io/

Also, hashids?

carnage.github.io/2015/08/cryptanal ...

  2. Re: Why?   Reply   Report abuse  
zinsou A.A.E.Mo´se - 2018-02-04 10:57:19 - In reply to message 1 from Scott Arciszewski
hi scott
yesterday i browse your open source projects page and i must congratulate you for the job you achieve.I know you and your team are specialised in security and cryptography and this feedback doesn't surprise me.

To answer your question : use md5 or sha1 on a string is simple way to hash string and the PHP doc doesn't discourage to use these methods but instead encourage to use password_hash and crypt functions.I don't know if you grasp the shade.I think people are free to choose they hash policy because every application don't need to take lot of time to generate a simple hash.When some applications need to generate many secure hashs in less time they won't use the more secure but a combination of methods which will give the best ratio cost/efficiency.This is this notion which is behind the TLS protocol.

But actually i just want you according to the links you post here to write a program that could reverse a hash generate by this package and post it here.This way my work will however help the community gain a new innovative package which may help security in applications as you wish.

Best regards and keep push me in front.