treehouse : what would you like to learn today?
Web Design Web Development iOS Development

Forums

Illustration by Nick Sirotich

PHP salt hash using MD5 and SHA1

  • mattvot
    Permalink to comment #
    I made a small script for personal use that I'd like to share with you.

    It salts an MD5 string with SHA1. Read more about salt hashes at http://en.wikipedia.org/wiki/Salt_%28cryptography%29

    It is a more secure way of storing hashes, as mentioned read above for more details.

    It's not the conventional way of salting, but it can easily be modded.

    <?php

    function saltyhash($pass) {
    	
    	// Define hash types
    	$passmd5 = md5($pass);
    	$passsha1 = sha1($pass);
    	
    	// Break up md5
    	$md500 = substr($passmd5, 0, 1);
    	$md501 = substr($passmd5, 1, 1);
    	$md502 = substr($passmd5, 2, 1);
    	$md503 = substr($passmd5, 3, 1);
    	$md504 = substr($passmd5, 4, 1);
    	$md505 = substr($passmd5, 5, 1);
    	$md506 = substr($passmd5, 6, 1);
    	$md507 = substr($passmd5, 7, 1);
    	$md508 = substr($passmd5, 8, 1);
    	$md509 = substr($passmd5, 9, 1);
    	$md510 = substr($passmd5, 10, 1);
    	$md511 = substr($passmd5, 11, 1);
    	$md512 = substr($passmd5, 12, 1);
    	$md513 = substr($passmd5, 13, 1);
    	$md514 = substr($passmd5, 14, 1);
    	$md515 = substr($passmd5, 15, 1);
    	$md516 = substr($passmd5, 16, 1);
    	$md517 = substr($passmd5, 17, 1);
    	$md518 = substr($passmd5, 18, 1);
    	$md519 = substr($passmd5, 19, 1);
    	$md520 = substr($passmd5, 20, 1);
    	$md521 = substr($passmd5, 21, 1);
    	$md522 = substr($passmd5, 22, 1);
    	$md523 = substr($passmd5, 23, 1);
    	$md524 = substr($passmd5, 24, 1);
    	$md525 = substr($passmd5, 25, 1);
    	$md526 = substr($passmd5, 26, 1);
    	$md527 = substr($passmd5, 27, 1);
    	$md528 = substr($passmd5, 28, 1);
    	$md529 = substr($passmd5, 29, 1);
    	$md530 = substr($passmd5, 30, 1);
    	$md531 = substr($passmd5, 31, 1);
    	$md532 = substr($passmd5, 32, 1);
    	
    	// Break up sha1
    	$sha100 = substr($passsha1, 0, 1);
    	$sha101 = substr($passsha1, 1, 1);
    	$sha102 = substr($passsha1, 2, 1);
    	$sha103 = substr($passsha1, 3, 1);
    	$sha104 = substr($passsha1, 4, 1);
    	$sha105 = substr($passsha1, 5, 1);
    	$sha106 = substr($passsha1, 6, 1);
    	$sha107 = substr($passsha1, 7, 1);
    	$sha108 = substr($passsha1, 8, 1);
    	$sha109 = substr($passsha1, 9, 1);
    	$sha110 = substr($passsha1, 10, 1);
    	$sha111 = substr($passsha1, 11, 1);
    	$sha112 = substr($passsha1, 12, 1);
    	$sha113 = substr($passsha1, 13, 1);
    	$sha114 = substr($passsha1, 14, 1);
    	$sha115 = substr($passsha1, 15, 1);
    	$sha116 = substr($passsha1, 16, 1);
    	$sha117 = substr($passsha1, 17, 1);
    	$sha118 = substr($passsha1, 18, 1);
    	$sha119 = substr($passsha1, 19, 1);
    	$sha120 = substr($passsha1, 20, 1);
    	$sha121 = substr($passsha1, 21, 1);
    	$sha122 = substr($passsha1, 22, 1);
    	$sha123 = substr($passsha1, 23, 1);
    	$sha124 = substr($passsha1, 24, 1);
    	$sha125 = substr($passsha1, 25, 1);
    	$sha126 = substr($passsha1, 26, 1);
    	$sha127 = substr($passsha1, 27, 1);
    	$sha128 = substr($passsha1, 28, 1);
    	$sha129 = substr($passsha1, 29, 1);
    	$sha130 = substr($passsha1, 30, 1);
    	$sha131 = substr($passsha1, 31, 1);
    	$sha132 = substr($passsha1, 32, 1);
    	$sha133 = substr($passsha1, 33, 1);
    	$sha134 = substr($passsha1, 34, 1);
    	$sha135 = substr($passsha1, 35, 1);
    	$sha136 = substr($passsha1, 36, 1);
    	$sha137 = substr($passsha1, 37, 1);
    	$sha138 = substr($passsha1, 38, 1);
    	$sha139 = substr($passsha1, 39, 1);
    	$sha140 = substr($passsha1, 40, 1);
    	
    	// Stich md5 and sha1 back together
    	$saltyhash = $md500.$sha100.$md501.$sha101.$md502.$sha102.$md503.$sha103.$md504.$sha104.$md505.$sha105.$md506.$sha106.$md507.$sha107.$md508.$sha108.$md509.$sha109.$md510.$sha110.$md511.$sha111.$md512.$sha112.$md513.$sha113.$md514.$sha114.$md515.$sha115.$md516.$sha116.$md517.$sha117.$md518.$sha118.$md519.$sha119.$md520.$sha120.$md521.$sha121.$md522.$sha122.$md523.$sha123.$md524.$sha124.$md525.$sha125.$md526.$sha126.$md527.$sha127.$md528.$sha128.$md529.$sha129.$md530.$sha130.$md531.$sha131.$md532.$sha132.$sha133.$sha134.$sha135.$sha136.$sha137.$sha138.$sha139.$sha140;
    	
    	return $saltyhash;
    }

    echo saltyhash('thisistesttext');

    ?>


    Just a bit of fun :D
  • maxbucksov
    Permalink to comment #
    Really cool script you've come up with! Thanks for sharing! ;)
  • davitz38
    Permalink to comment #
    Hi guys,
    I want to share the tools I use to hash string using md5 and sha1
    - Md5: Online Md5 Converter
    - Sha1: Sha1 Encryption
    Pretty useful tools!
    David
  • Irrorate
    Permalink to comment #
    Nice script, because the salt is actually the password you wouldn't store it in the database, meaning that it'd be virtually impossible to crack this hash (unless you knew the hashing algorithm). You could modify it and make it more difficult too, maybe reverse the sha1 so that the first character of the md5 pass is salted with the last character of the sha1 pass.

    I might just use this.. :)
Add a Comment