Topic: Security - md5 hashing

Hello,
first of all i would like give a big thanks for this awesome CMS. I've been looking ages for something like this. Keep up good work :-)

Now, quick one:
Im not an security expert but dont you find md5 hashes are too weak nowdays? Even though SALT is used..

I was just thinking about replacing md5 with sha1.
        public static function encryptPassword($password) {
           //return md5(md5(trim($password) . MONSTRA_PASSWORD_SALT));
            return sha1(md5(trim($password) . MONSTRA_PASSWORD_SALT));
        }

Still Monstra ftw! :-)

  • Awilum
  • Awilum
  • Monstra Founder & Lead Developer
  • Offline
  • From: #Ukraine #USA
  • Posts: 503
  • Reputation : [ 23 | 0 ]

Re: Security - md5 hashing

Yes, maybe new project I will start with some other password crypting method.
But here, I dont have solutions how to provide this update. Because a lot of people already install and use Monstra on their projects.

Monstra Loves You! Give some love back!

Awilum's Website

Re: Security - md5 hashing

Well maybe a hint:
Let the user set his own SALT, as i have already seen in some different projects. That should be feasible even via install.php

    /**
     * Set password salt
     */
    define('MONSTRA_PASSWORD_SALT', 'YOUR_SALT_HERE');