My old problem had not been solved yet, and I was going through a question on Stack Overflow.
I got to know that MD5 should not be used in any way. Then I read about SHA1 vs bcrypt. After quite some discussion and thanks to Lawrence, I got a brilliant solution and a really good lesson on password hashing.
Now I will be using bcrypt to hash my passwords.
See this post for the solution.
To implement this password hashing technique, there is a library available.
- Download the files from here.
- Then, extract the files to application/library.
Load the library
How to hash the password?
Check if a password is correct?
```php
$password = $_POST['password'];
$actualPassword = /* Get the hashed password from your db */;
// CheckPassword() returns true when the password matches the stored hash
$check = $this->PasswordHash->CheckPassword($password, $actualPassword);
```
If you are not using CI, you can go through this link.
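For the non-CI case, here is the same hash-then-check flow as an added example (not code from the original post or from the PasswordHash library). It uses PHP's built-in `password_hash()` and `password_verify()` functions instead of the library; the `$users` array, the function names and the cost of 12 are assumptions made for illustration.

```php
<?php
// Added example. Uses PHP's built-in password API (PHP 7.0+ syntax), not the
// PasswordHash library. $users is a constructed stand-in for the users table.

const BCRYPT_OPTIONS = ['cost' => 12]; // assumed work factor; tune for your server
const BCRYPT_MAX_BYTES = 72;           // bcrypt ignores input past 72 bytes

function hash_password(string $password): string
{
    // Reject over-long input instead of letting bcrypt silently truncate it.
    if (strlen($password) > BCRYPT_MAX_BYTES) {
        throw new InvalidArgumentException('Password longer than 72 bytes');
    }
    // A random salt is generated and stored inside the returned hash string.
    return password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
}

function check_login(array &$users, string $name, string $password): bool
{
    if (!isset($users[$name])) {
        return false;
    }
    // Salt and cost are read back from the stored hash; comparison is timing-safe.
    if (!password_verify($password, $users[$name])) {
        return false;
    }
    // Stored hash uses an older cost? Re-hash now, while the plaintext is at hand.
    if (strlen($password) <= BCRYPT_MAX_BYTES
        && password_needs_rehash($users[$name], PASSWORD_BCRYPT, BCRYPT_OPTIONS)) {
        $users[$name] = hash_password($password);
    }
    return true;
}

// Constructed sample data: one account stored with a deliberately lower cost.
$users = ['alice' => password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 10])];

var_dump(check_login($users, 'alice', 'wrong guess'));   // wrong password
var_dump(check_login($users, 'alice', 'correct horse')); // right password, triggers the re-hash
var_dump(strpos($users['alice'], '$2y$12$') === 0);      // stored hash now carries the new cost
```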