Is it possible to get password from hash produced by following function by any method?
$salt is random 128 characters alpha numeric string.
function Get_Hash($pwd, $salt)
{
if ( CRYPT_BLOWFISH == 1)
{
$pwd = hash("sha512",$pwd);
$cost = "07";
$hash = crypt($pwd, '$2a$' . $cost . '$' . $salt);
return $hash;
}
else
{
$pwd = hash("sha512",$pwd);
$hash = crypt($pwd, '$1$' . $salt . '$');
return $hash;
}
}
There is already basic level brute force protection, system locked for 3-5 minutes after 3 failed attempts.
Is this good hashing function for small level application?
Thanks for your help.
Don't create your own hashing.
PHP version 5.5 has some very nice and easy to use password hashing functions, and there is a library that backports them as far as to PHP 5.3.
Include it, use it. Done.
Download here https://github.com/ircmaxell/password_compat or include via Composer:
"require":{
"ircmaxell/password-compat":"~1.0"
}