jimfog Posted September 14, 2012 Share Posted September 14, 2012 I am looking into ways to hash the username(to use it in the setcookie function). And I am trying to examine what is the route I should follow. Using a function like sha1 provided by PHP or something more advanced like phppass http://www.openwall.com/phpass/. What do you think should I do? Link to comment Share on other sites More sharing options...
Krewe Posted September 14, 2012 Share Posted September 14, 2012 (edited) Why do you want to hash the username? Even if your setting a cookie.I can't think of any reason you'd need more security with a username if you HAVE TO hash it, so Sha1 should be enough. Edited September 14, 2012 by Krewe Link to comment Share on other sites More sharing options...
niche Posted September 14, 2012 Share Posted September 14, 2012 Here's your answer you requested: http://php.net/manual/en/function.sha1.php Krewe's post not withstanding, don't forget the salt. Link to comment Share on other sites More sharing options...
jimfog Posted September 16, 2012 Author Share Posted September 16, 2012 According to a view, we must not use the username but some other random number, an identifier. What is your opinion about the above? Link to comment Share on other sites More sharing options...
birbal Posted September 19, 2012 Share Posted September 19, 2012 identifier should not be plain text like username,user id etc it should be properly hashed.cause it will be easily guessable and manipulable. it should not be same as you hash your password. hashed password and hashed identifier for persistent login should not be matched. 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now