I Got somewhere these Interesting Hashing password codes
One is
$user_passcode = SHA1(MD5($_POST['user_passcode'])); and The Other is
$user_passcode = SHA1(SHA1(MD5($_POST['user_passcode']))); From Security perspective,Is this approach acceptable???
NONE! You should not be experimenting with the security of your website. Do not use cryptographic methods that are not tested by professionals.
Double hashing is just a waste of time. It's like trying to build security through obscurity.
It's not the best, but I'll post as it's a built-in function and definitely more secure than md5().
password_hash($pass, PASSWORD_DEFAULT, ['cost' => 12]);Note: Cost is the value upon which depends how much your server will need to match the password when you log in. The higher you set it the more difficult and resource-consuming it becomes for the server to match it.
password_verify($pass, $db_pass);Clarification: That's the best and most secure method I know of. If anyone has anything more controversial and secure than password_hash(), please share it.
Code:
// When you store it password_hash($pass, PASSWORD_DEFAULT, ['cost' => 12]); // When you check if they match password_verify($pass, $db_pass); Reference: @erickson has written a fantastic answer here.
password_hash() too.