There are many incidents in which a database is compromised, and with it all of our admin and user accounts. The common practice for securing passwords is to hash them with one of the available algorithms, such as MD5, SHA1 or SHA256, and insert the hash into the table. When our hashes get into the wrong hands, they can be cracked using online or offline crackers.
I am going to show you how to secure your hash. All you need is knowledge of PHP and MySQL. I'll just be using the MD5 function.
Note: In this post I have not covered the process of cleaning user input against SQL injection and other threats. I'll be posting that later. This is just the step before checking for a valid username and password.
Let's create a function that returns the hash:
function createhash($pass)
{
    $hash = md5($pass);   // calculate the md5 value of the password
    $pass = strrev($hash); // now let's reverse the hash
    return $pass;          // return the value
}
The above function simply reverses the hash. To make it even more secure, let's look at another function.
function createhash($pass)
{
    $hash = md5($pass);             // calculate the md5 value of the password
    $pass = strrev($hash);          // now let's reverse the hash
    $first = substr($pass, 0, 16);  // first 16 chars
    $second = substr($pass, 16, 16); // last 16 chars
    $pass = $second.$first;         // put the first 16 chars after the last 16 chars
    return $pass;                   // return the value
}
This is the same as the first function, but here we cut the reversed hash into two pieces of 16 chars each and move the first 16 chars after the last 16 chars. Since an MD5 hash has 32 chars, it can be divided into two equal parts.
This was just a basic example. You can now customize it on your own, for instance by splitting those 16-char pieces further and recombining them later, or by salting the password before hashing and using multiple hash functions, e.g.:
$pass = md5(sha1(md5($pass."secretkey"))); //try using multiple hash function
After you have your hash, connect to the DB server and check for validation.
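The rearrangement in createhash() next to PHP's built-in password_hash(), as an added example that is not part of the original post. It shows that the reverse-and-swap step involves no secret, so the stored value maps straight back to the plain MD5, while password_hash() gives every password its own random salt and a tunable work factor. The names plain_md5_from_stored(), create_password_hash() and check_password() and the sample password are hypothetical and constructed for illustration.

```php
<?php
// Added example; only createhash() comes from the post above.

// The post's second function: reverse the MD5 string, then swap its halves.
function createhash($pass)
{
    $rev = strrev(md5($pass));
    return substr($rev, 16, 16) . substr($rev, 0, 16);
}

// Inverse of the rearrangement: swap the halves back, then reverse again.
// It needs no key, only knowledge of the code that produced the value.
function plain_md5_from_stored($stored)
{
    return strrev(substr($stored, 16, 16) . substr($stored, 0, 16));
}

// Hardened form: salted, deliberately slow hashing (PHP >= 5.5).
function create_password_hash($pass)
{
    // A fresh random salt is generated and embedded in the result on each call.
    return password_hash($pass, PASSWORD_DEFAULT);
}

function check_password($pass, $storedHash)
{
    // Re-derives the hash with the embedded salt and cost, then compares
    // in a timing-safe way.
    return password_verify($pass, $storedHash);
}

$password = 'correct horse battery staple'; // constructed sample input

// 1. Does the rearranged value map back to the ordinary MD5 of the password?
$stored = createhash($password);
var_dump(plain_md5_from_stored($stored) === md5($password));

// 2. Do two users with the same password get the same stored value?
var_dump(createhash($password) === $stored);

// 3. Same question for password_hash(): compare two hashes of one password.
$a = create_password_hash($password);
$b = create_password_hash($password);
var_dump($a === $b);

// 4. Verification of the correct and of a wrong password against hash $a.
var_dump(check_password($password, $a));
var_dump(check_password('wrong password', $a));
```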
