sha1

I'm making a php login, and I'm trying to decide whether to use SHA1 or Md5, or SHA256 which I read about in another stackoverflow article. Are any of them more secure than others? For SHA1/256, do I still use a salt? Also, is this a secure way to store the password as a hash in mysql? function createSalt() { $string = md5(uniqid(rand(), true)); return substr($string, 0, 3); } $salt = createSalt(); $hash = sha1($salt . $hash); Johannes Gorset Neither. You should use bcrypt . The hashes you mention are all optimized to be quick and easy on hardware, and so cracking them share the same qualities

I'm trying to make a simple String to SHA1 converter in Java and this is what I've got... public static String toSHA1(byte[] convertme) { MessageDigest md = null; try { md = MessageDigest.getInstance("SHA-1"); } catch(NoSuchAlgorithmException e) { e.printStackTrace(); } return new String(md.digest(convertme)); } When I pass it toSHA1("password".getBytes()) , I get [�a�ɹ??�%l�3~��. I know it's probably a simple encoding fix like UTF-8, but could someone tell me what I should do to get what I want which is 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 ? Or am I doing this completely wrong? Nishant

Recently a team of researchers generated two files with the same SHA-1 hash ( https://shattered.it/ ). Since Git uses this hash for its internal storage, how far does this kind of attack influence Git? Edit, late December 2017: Git version 2.16 is gradually acquiring internal interfaces to allow for different hashes . There is a long way to go yet. The short (but unsatisfying) answer is that the example files are not a problem for Git—but two other (carefully calculated) files could be. I downloaded both of these files, shattered-1.pdf and shattered-2.pdf , and put them into a new empty