02-12-2009, 07:12 PM
|
#9 (permalink)
|
|
Moderateur
Join Date: Apr 2007
Posts: 1,393
Thanks: 5
|
Quote:
Originally Posted by ETbyrne
The best idea is to use a combination of encryption methods. I personally use this:
PHP Code:
$newpass = sha1(md5('password'));
|
That's the best piece of bad advice I've seen all day.  Mixing multiple hashing algorithms does not a secure system make. Once an attacker knows that all you're feeding into SHA1 is an unsalted MD5 hash, their life just got way easier. |
|
|
|