The
algorithm used to convert the source byte array into a hashed byte array varies. The most
commonly used hashing algorithm is called Message Digest 5 (MD5, another name for the
hash code generated), which generates a 128-bit hash value. Unfortunately, many kinds of
attacks are based on word dictionaries constructed against MD5 hashes.
CHAPTER 16 ?– MANAGING CUSTOMER DETAILS 480
Another popular hashing algorithm is called Secure Hash Algorithm (SHA1), which generates
a 160-bit hash value. SHA1 is generally agreed to be more secure (although slower) than
MD5. Wikipedia has very useful documentation pages for these hashing functions.
In the TShirtShop implementation, we??™ll use SHA1, although it is easy to change this if you
prefer a different algorithm. Now, we??™ll implement the PasswordHasher class in the following
exercise.
Exercise: Implementing the PasswordHasher Class
To implement the PasswordHasher class, follow these steps:
1. Add the following line at the end of include/config.php. This defines a random value (feel free to
change it) to add to the passwords before hashing them.
// Random value used for hashing
define('HASH_PREFIX', 'K1-');
2. Create a new file named password_hasher.php in the business folder, and write the PasswordHasher
class in it:
class PasswordHasher
{
public static function Hash($password, $withPrefix = true)
{
if ($withPrefix)
$hashed_password = sha1(HASH_PREFIX .
Pages:
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602