php - Is this hashing function overkill -

-

i began work on project , contains following function hash passwords :

function hash_password($password) {     $account_id = $this->account_id;      /*      * cook randomness      */     $password = str_rot13($password);      $random_chars = "1%#)(d%6^".md5($password)."&h1%#)(d%6^&hb(d{}*&$#@$@fefwb".md5($password)."``~~+_+_o(ed##fvdfgrg:b>";      $salt = $account_id;     $salt = ((int)$salt * 123456789) * 1000;      $salt_len     = strlen($salt);      for($i=0; $i <= $salt_len; $i++) {         $salt .= $random_chars[$i];                 }      $salt = str_repeat($salt, 3);      return hash('sha256', base64_encode($password.$salt.$password), false); }

*$account_id unique each user account.

my question : function more secure doing simple :

$salt = sha1($account_id); $hash = hash('sha256', base64_encode($password.$salt), false);

cheers!

using account id salt not idea - if can steal hashed passwords, can account id's too. having more convoluted hash in code in instance therefore more secure, provided code protected. using known random string salt in code means have hack both data , code in order attack passwords - has better having attack database alone.


Comments

Post a Comment

Popular posts from this blog

django - How can I change user group without delete record -

-
on website user have 1 group. , user can change group. it's made user.groups.clear() and user.groups.add(new_group) but it's not efficient, because there 2 sql query: delete, insert. how can change group update query? user , group related each other using manytomanyfield . means intersection table exists relating both entities, , if don't specify model map (using through attribute) django creates 1 you. looking @ sources django.contrib.auth.models see that's case. fortunatly, can access intermediary model using through attribute of manager (in case, user.groups.through ). can use regular model. example: >>> alice = user.objects.create_user('alice', 'alice@example.com', 'alicepw') >>> employee = group.objects.create(name='employee') >>> manager = group.objects.create(name='manager') >>> alice.groups.add(employee) >>> alice.groups.all() [<group: employee...
Read more

java - EclipseLink JPA Object is not a known entity type -

-
i have strange problem eclipselink , object want persist. have 1 object (keypointlistimpl) stores object keypointimpl in list. persisting keypointimpl objects works great if try persist keypointlistimpl object java.lang.illegalargumentexception says object keypointimpl isn't known entity type. here keypointimpl code: @entity @table(name="keypoints") public class keypointimpl implements keypoint { @id @generatedvalue(strategy = generationtype.identity) private int id; @enumerated(enumtype.string) private detectortype keypointtype; private float x; private float y; private float size; private float angle; private float response; private int octave; private int classid; ... } here keypointlistimpl code: @entity @table(name="keypointlists") public class keypointlistimpl implements keypointlist { @id @generatedvalue(strategy = generationtype.identity) private int id; @onetoone(cascade={ca...
Read more

java - Need to add SOAP security token -

-
i need set custom soap header attribute on jax-ws generated webservice client. case webservice calls must go through proxy server requiring specific token (recieved web request header) present in soap request header. e.g.: 1 carserviceservice service = null; 2 service = new carserviceservice(new url(url), new qname(qname); 3 carserviceendpoint port = service.getcarserviceport(); it seems in line 3 wsdl retrieved , call fails due missing security token. 1 point direction on how done? a detailed example has been mentioned here: creating , deploying jax-ws web service on tomcat 6 this article shows how create , use security token .
Read more