1. 

   shem, Member

   My colleague said to me:
   sha1 is an obsolete standard.
   Is there an option to use sha-2, which is a more current and secure algorithm?
2. 

   myDBR Team, Key Master

   You can use SHA2 with following statements in user/defaults.php:

   $mydbr_defaults['hashing_algorithm']['default'] = 'sha256';
   
   $mydbr_defaults['hashing_algorithm']['automatic_parameter_session_id'] = 'sha256';
   
   $mydbr_defaults['hashing_algorithm']['sso'] = 'sha256';

   Note that with SHA1 you will need 2^69 operations for collisions and 2^80 operations for brute force atttacs. Rainbow tables will not work with myDBR as the strings are salted.

   --
   myDBR Team
3. 

   shem, Member

   Thanks.
   And in my PHP code when I run the hash command should I use
   'sha256'
   or
   'sha2'
   or
   'sha-2'
   or something else?
4. 

   myDBR Team, Key Master

   See the PHP documentation.

   --
   myDBR Team
5. 

   shem, Member

   Thanks, it worked

Reply

You must log in to post.