

Which password storing technique better? - aniketpant

I am working on Code Igniter and using MD5 for hashing my password.<p>I have read at a lot of places that it isn't a good practice to use MD5. Should I use a Salt or should i use bcrypt?<p>Also, if I need to use bcrypt, how do I do it?
======
pixeloution
Modern GPUs can calculate 250 million MD5 hashes per _SECOND_ \- so even a
salted MD5 hash isn't much help.

Since you're using Code Igniter, that means PHP -- bcrypt forces you to use a
salt, plus its a slower hashing method which means the passwords are much more
secure should your database ever be compromised.

Final not its not "bcrypt or salt" its "bcrypt and salt" -- a salt is a string
you add to the plaintext password before hashing, to prevent the use of
rainbow tables for an attacker.

------
aniketpant
Asked on Stock Overflow too ...

Will be using bcrypt :)

[http://stackoverflow.com/questions/7044785/what-is-the-
safes...](http://stackoverflow.com/questions/7044785/what-is-the-safest-way-
to-store-a-password-using-code-igniter/7045061#7045061)

------
Aqua_Geek
As many people here will tell you, just use bcrypt.
<http://www.google.com/search?q=bcrypt+php>

