Eric Gates Eric Gates - 3 months ago 9
PHP Question

What is the best way to create a random hash/string?

What is the best way of generating a hash for the purpose of storing a session? I am looking for a lightweight, portable solution.

Answer

You can use PHP's built-in hashing functions, sha1 and md5. Choose one, not both.

One may think that using both, sha1(md5($pass)) would be a solution. Using both does not make your password more secure, its causes redundant data and does not make much sense.

Take a look at PHP Security Consortium: Password Hashing they give a good article with weaknesses and improving security with hashing.

Nonce stands for "numbers used once". They are used on requests to prevent unauthorized access, they send a secret key and check the key each time your code is used.

You can check out more at PHP NONCE Library from FullThrottle Development