In an MVC style web app, what's the best/most secure way of setting up a hashing method that's available globally?
I've just been doing this within my core controller that is extended by the rest of my scaffolding:
class Core{
protected function salt($string=null){
$salt = 'dsjflk32osdjshewy8327rtewyrkjfdhdsgnmbcxvsgfyew3287';
$this->data = md5($salt.$string);
return $this->data;
}
}
Is this good practice, or should I be doing something different?
It depends on what you want to hash. If its just to create a unique identifier for larger/grouped datasets, then you could just use MD5. Using salt isnt realy needed then, but it cant harm you either.
If you want to use it for passwords, dont use a hashing function that is optimized for speed at all, because its not realy secure. For passwords I recommend Bcrypt and this question has a lot of information on why you should use it.
If you need the hashing function to disquise parameters, so they cannot be altered, an md5 hash would be sufficient aswell. Since you need to store the link between the hash and the actual value somewhere, they can try to bruteforce the md5 to change the parameter, but they still can only enter values you allowed and have in your link table.