I have been reading a lot online that MD5 is not very secure, so I have decided to switch my site over to use SHA512. I have never done this before, so really I am just asking you to check to see if I have done it correctly, or is there an alternative, more secure hash method which I can use to store the password?
$upass is the user's password which I need to hash.
Here was my original PHP with MD5:
```php
$uname = mysql_real_escape_string($_POST['uname']);
$sname = mysql_real_escape_string($_POST['sname']);
$email = mysql_real_escape_string($_POST['email']);
$upass = md5(mysql_real_escape_string($_POST['pass']));
```
Here is my new PHP using SHA:
```php
$uname = mysql_real_escape_string($_POST['uname']);
$sname = mysql_real_escape_string($_POST['sname']);
$email = mysql_real_escape_string($_POST['email']);
$upass = mysql_real_escape_string($_POST['pass']);
$upass = hash('SHA512', $upass);
```
Here is also the hashed string for the word "password" just to make sure the hashing is working.
SHA512:
b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e
MD5:
5f4dcc3b5aa765d61d8327deb882cf99
Thanks for any help / advice in advance.
The right way would be to use `password_hash` using `PASSWORD_DEFAULT` for the algorithm. That way, you will have a good algorithm (bcrypt, if you have PHP 5.5), which may be automatically upgraded to a better one in future versions of PHP, without the need to change your code. The passwords are also hashed with a salt.
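An added example (not code from the question or the answer) of moving a site like the one in the question from stored MD5 values to `password_hash`: legacy rows are checked one last time at login and then replaced. The `$users` array and the `register_user` and `login` functions are hypothetical names, the data is constructed, and PHP 7 or later is assumed.

```php
<?php
// Constructed in-memory "users table" so the example runs offline.
// In a database, the PHP manual suggests a 255-character column for the hash.
$users = [
    // Legacy row: unsalted MD5 of "password", the value shown in the question.
    'alice' => ['hash' => '5f4dcc3b5aa765d61d8327deb882cf99'],
];

function register_user(array &$users, string $name, string $password): void
{
    // Hash the raw password. Escaping it first is unnecessary (the hash string
    // is what gets stored) and can change what gets hashed.
    $users[$name] = ['hash' => password_hash($password, PASSWORD_DEFAULT)];
}

function login(array &$users, string $name, string $password): bool
{
    if (!isset($users[$name])) {
        return false;
    }
    $stored = $users[$name]['hash'];

    // Legacy MD5 rows are exactly 32 hex characters;
    // password_hash() output always starts with "$".
    $isLegacy = preg_match('/^[0-9a-f]{32}$/', $stored) === 1;

    // Assumption: legacy hashes were taken over the unescaped password. The
    // question's code hashed the escaped string, so passwords containing
    // quotes or backslashes would need that same escaping applied here.
    $ok = $isLegacy
        ? hash_equals($stored, md5($password))
        : password_verify($password, $stored);
    if (!$ok) {
        return false;
    }

    // The plaintext is only available at login, so upgrade the row now:
    // always for legacy MD5, and whenever PASSWORD_DEFAULT has moved on.
    if ($isLegacy || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $users[$name]['hash'] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

register_user($users, 'bob', 'correct horse');
var_dump(login($users, 'bob', 'correct horse'));  // new-style row
var_dump(login($users, 'alice', 'password'));     // legacy row, upgraded on success
var_dump(login($users, 'alice', 'wrong'));        // rejected against the upgraded row
var_dump($users['alice']['hash'][0] === '$');     // row no longer holds the MD5 value
```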