just started researching on the latest PHP encryption methods, I've found out my favorite algorithms are compromised. MD5 is no good, SHA-1 has "found flaws", SHA-512 isn't "meant for passwords", these are all from various StackOverflow sites.
HMAC as of 2011 had "no known attacks", and PHP's password_hash is a new addition that uses a "strong one-way algorithm".
I have heard good things about HMAC + MD5, though it has been suggested it would be best to use an algorithm that has yet to be compromised. I see bcrypt is an add-on, there is the native crypt() and now mcrypt? But password_hash handles all of these?
To me, it's all starting to sound like a deadly game of what sounds best. Can someone with adequate knowledge on the subject answer: By specific, technical definition (Hash A is cryptographically stronger than Hash B) which PHP encrpytion method(s) are currently most secure and have no known vulnerabilities? Does any native PHP functionality make the list?
Aucun commentaire:
Enregistrer un commentaire