Can hashing the same variable multiples times using both md5 and sha1, makes the string more difficult to decrypt and increase security?
Can concatenating the MD5 and SHA1 versions of same string and then finally hashing it once more with either password_hash()
, help?
Can concatenating the MD5 and SHA1 versions of same string and then finally hashing it once more with either password_hash(), help?"
No, just "no". It will only make things worse.
You don't need to use or even should use MD5/SHA1 and password_hash()
multiple times and together; you just need to use it once; the "it" being password_hash()
. If you use that multiple times, your verification won't work, believe me when I say this.
You'll just be hashing a hash and another and you will NOT be able to verify it in order to match passwords upon verification.
In trying to do this, your method will fail.
You use password_hash()
once and your verify it after with password_verify()
.
References:
"Can hashing the same variable multiples times using both md5 and sha1, makes the string more difficult to decrypt and increase security?"
In regards to using this for password storage, it won't be of much use really, and those (hashing) functions are outdated.
However, this doesn't stop you from using them for something else though; such as a token when sent out to users on account verification. Yet, there are some better methods to do this but is out of scope of the question.