Can I md5(sha1(password))?

Question

I\'m currently coding my own CMS and I\'m at the state of password...

I want to know if I can md5 a password then sha1 it after?

Li

Answer 1

Make sure you add a salt in there too, this makes it much harder to use rainbow tables against your customer's/user's passwords.

Something like:

$hashedPassword = sha1(md5($password) . $salt . sha1($salt . $password));

Where salt can be a nice long random string itself, either constant across your application or a salt per contact which is stored with the user too.