My old problem had not been solved yet, and I was going through a question on Stack Overflow.
I got to know that MD5 should not be used in any way. Then I read about SHA1 vs bcrypt. After quite some discussion, and thanks to Lawrence, I got a brilliant solution and a really good lesson on password hashing.
Now, I will be using bcrypt to hash my passwords.
See this post for the solution.
To implement this password hashing technique, there is a library available.
- Download the files from here.
- Then, extract the files to application/library.
Load the library
$this->load->library('PasswordHash',array(8, FALSE));
How to hash the password?
// CodeIgniter exposes a loaded library under its lowercase name
$hash = $this->passwordhash->HashPassword($password);
Check if a password is correct?
$password = $_POST['password'];
// $storedHash is a placeholder: the hashed password fetched from your db
$actualPassword = $storedHash;
$check = $this->passwordhash->CheckPassword($password, $actualPassword);
If you are not using CI, you can go through this link.
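The same hash-then-check flow outside CodeIgniter, as an added example that is not from the original post or the library: it swaps the PasswordHash class for PHP's built-in `password_hash()` / `password_verify()` (PHP 5.5 or later). The names `register_hash`, `check_login` and `BCRYPT_COST`, the sample passwords, and the mapping of the constructor's 8 to the bcrypt cost are assumptions made for illustration.

```php
<?php
// Added example: bcrypt via PHP's built-in password API (PHP 5.5 or later).
// Not the PasswordHash library from the post; all names here are illustrative.

// Assumption: mirrors the 8 passed to the library constructor in the post.
const BCRYPT_COST = 8;

// Hash a new password. A random salt is generated and stored inside the hash.
function register_hash($password)
{
    // bcrypt ignores input past 72 bytes, so reject it instead of truncating.
    if (strlen($password) > 72) {
        throw new InvalidArgumentException('Password is longer than 72 bytes');
    }
    $hash = password_hash($password, PASSWORD_BCRYPT, array('cost' => BCRYPT_COST));
    if ($hash === false) {
        throw new RuntimeException('bcrypt hashing failed');
    }
    return $hash;
}

// Check a login attempt against the stored hash.
// Returns array('ok' => bool, 'rehash' => string|null).
function check_login($password, $storedHash)
{
    // password_verify() reads the salt and cost from $storedHash and
    // compares the result in constant time.
    if (!password_verify($password, $storedHash)) {
        return array('ok' => false, 'rehash' => null);
    }
    // Correct password: if the stored hash was made with other settings,
    // return a fresh hash so the caller can update the database row.
    $options = array('cost' => BCRYPT_COST);
    $stale = password_needs_rehash($storedHash, PASSWORD_BCRYPT, $options);
    return array('ok' => true, 'rehash' => $stale ? register_hash($password) : null);
}

// Constructed sample data, not real credentials.
$sample = 'correct horse battery staple';
$stored = register_hash($sample);
$info   = password_get_info($stored);

echo "stored hash:     ", $stored, "\n";
echo "cost in hash:    ", $info['options']['cost'], "\n";
echo "salts differ:    ", var_export($stored !== register_hash($sample), true), "\n";
echo "right password:  ", var_export(check_login($sample, $stored)['ok'], true), "\n";
echo "wrong password:  ", var_export(check_login('guess123', $stored)['ok'], true), "\n";
```

Store the returned `rehash` value in place of the old hash whenever it is not null, so existing accounts move to the current cost the next time their owners log in.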