<?php
$password = hash('sha256', $_GET['password']);
$stringParts = str_split($password);
sort($stringParts);
$password = implode('', $stringParts);
?>
Take that hackers.
>>61532036
>tfw too dumb to understand what this does
>>61532230
1. get a password as string
2. hash it with sha256
3. transform string into array
4. sort it by character
5. join the sorted array into a new string
so if he gets a password as text, he'd perform the same procedure. and if his database leaks, the passwords wouldn't be cracked. but, if people have access to the code, they can see what he's doing. that's my take on it anyway, i don't use php since it's garbage
>>61532322
You fucking retard. You're gonna get collisions with that shit.
>>61532322
what do you use instead?
>>61532345
i'm not op, but good point
>>61532362
i'm not a webdev
>>61532362
Nodejs with Express :^)
>>61532362
Why don't you just sha512 the sha256 digest?
holy shit this is stupid
just use pbkdf2 and kill yourself.
>>61532036
You forgot the part where you're supposed to salt those hashes against something like the Unix timestamp so two user accounts don't have the same sha256 hash because their passwords are the same
>>61532498
Not completely stupid. There aren't any GPU accelerators for this clever hacklet, yet.
>>61532443
master race my niga
>not storing all passwords in clear text.
What do you have to hide, anon?
>>61532532
it'd take a fucking minute to make one with hashcatcl
>>61532532
It is stupid because you're gonna get collisions.
password = hash(get_password() + salt) + salt
Salt is basically a randomly generated string.
+ operator means concatenating strings.
You need to save your salt for password validation.
>>61532532
>There aren't any GPU accelerators for this clever hacklet, yet.
CPU would suffice. This "encryption" would reduce entropy, not increase it.
>>61532663
Fair enough.
>>61532036
Idiot use bcrypt
https://ghostbin.com/paste/4x2jf
>>61532036
>php
>password as GET parameter
>>61534336
>not scrypt
kys
Does varying the number of iterations as part of a salting strategy (say, 1000 + Math.random() * 256) make pbkdf2 harder to crack in practice?
>password as a queryparam
>>61532036
<?php
$password = password_hash($_GET['password'], PASSWORD_DEFAULT);
?>
>>61532467
>>61532528
please use big random salts i.e. bcrypt
>>61535278
nice
i also suggest to use POST
$hashed_password = password_hash($_POST['password'], PASSWORD_DEFAULT);
if (password_verify($_POST['password'], $hashed_password)) {
    // logged in
}
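
Added example, not part of the thread: the collision and entropy objections raised in the replies, next to the salted `password_hash()` approach the later posts suggest, as runnable PHP. The helper names `sort_hex` and `binomial` and the sample password are made up for illustration; 64-bit PHP 7+ is assumed.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.
// Assumes 64-bit PHP 7.0+ (intdiv, scalar type hints).

// Steps 3-5 of the scheme in the opening post: sort the characters of a hex digest.
function sort_hex(string $hex): string {
    $chars = str_split($hex);
    sort($chars);
    return implode('', $chars);
}

// Exact binomial coefficient; every intermediate value is itself a binomial.
function binomial(int $n, int $k): int {
    $r = 1;
    for ($i = 1; $i <= $k; $i++) {
        $r = intdiv($r * ($n - $k + $i), $i);
    }
    return $r;
}

// A sorted digest is fully described by how often each of the 16 hex symbols
// occurs in 64 positions, so the output space is C(64 + 16 - 1, 16 - 1).
$outputs = binomial(79, 15);
printf("distinct sorted digests: %d (about 2^%.1f; SHA-256 has 2^256)\n",
    $outputs, log($outputs, 2));

// Constructed input: two different 64-character hex strings with equal symbol
// counts. After sorting they are indistinguishable.
$a = str_repeat('0f', 32);
$b = str_repeat('f0', 32);
printf("inputs differ: %s, sorted outputs equal: %s\n",
    var_export($a !== $b, true), var_export(sort_hex($a) === sort_hex($b), true));

// The scheme from the opening post applied to a constructed sample password.
echo sort_hex(hash('sha256', 'hunter2')), "\n";

// What the replies recommend instead: password_hash() draws a random salt per
// call and stores it in the returned string; password_verify() reads it back.
$h1 = password_hash('hunter2', PASSWORD_DEFAULT);
$h2 = password_hash('hunter2', PASSWORD_DEFAULT);
printf("same password, stored strings differ: %s\n", var_export($h1 !== $h2, true));
printf("correct password verifies: %s\n", var_export(password_verify('hunter2', $h1), true));
printf("wrong password verifies: %s\n", var_export(password_verify('hunter3', $h1), true));
```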