password-encryption

I would like to know which method to use to store passwords in database. I have implemented it using MD5 but according to some posts SHA1 is more secure. Is there any other method which is more secure? Please help me finding out a best method to secure passwords. Sure SHA1 is more secure that MD5, but for most purposes it is not secure enough. You will probably find useful the video How NOT to Store Passwords by Computerphile - 9 minutes and 24 seconds long. You must realize that there is much to cover when it comes to authentication and access control, so having a good hashing scheme is not

I am using PHP. I used to use native mysql function password() to store passwords. I was told that password() is not safe anymore. What would be the best method to store passwords in PHP? is it MD5? Updated Answer 2016: The winner of the PHC (Password Hashing Competion) was Argon2 . Hashing passwords with Argon2 is the best practice as of 2016. PHC ran from 2013 to 2015 as an open competition—the same kind of process as NIST's AES and SHA-3 competitions, and the most effective way to develop a crypto standard. We received 24 candidates, including many excellent designs, and selected one winner

I found a guide for implementing AES encryption/decryption in Java and tried to understand each line as I put it into my own solution. However, I don't fully understand it and am having issues as a result. The end goal is to have passphrase based encryption/decryption. I've read other articles/stackoverflow posts about this, but most do not provide enough explanation (I am very new to crypto in Java) My main issues right now are that even when I set byte[] saltBytes = "Hello".getBytes(); I still get a different Base64 result in the end ( char[] password is random each time, but I read that it

In .NET, we have the SecureString class, which is all very well until you come to try and use it, as to (for example) hash the string, you need the plaintext. I've had a go here at writing a function that will hash a SecureString, given a hash function that takes a byte array and outputs a byte array. private static byte[] HashSecureString(SecureString ss, Func<byte[], byte[]> hash) { // Convert the SecureString to a BSTR IntPtr bstr = Marshal.SecureStringToBSTR(ss); // BSTR contains the length of the string in bytes in an // Int32 stored in the 4 bytes prior to the BSTR pointer int length =