Featured post
What are the best practices to encrypt passwords stored in MySql using PhP? -
i seeking advice on how securely store passwords in mysql using php.
overlooking limitations of php itself, want know more salting, hashing, , encrypting these bad boys.
obviously people continue use weak passwords unless forced otherwise, it's how storing them important me. user's passwords far more important me database itself, , such want keep them in such way painstaking , monotonous script kiddie trying reverse. due diligence can defeated, wouldn't mind making particularly bothersome.
there 2 scenarios looking at.
- the kiddie has complete copy of database.
- the kiddie has complete copy of php used craft password, , database.
any , advice on topic graciously appreciated.
use bcrypt
. if has user table of database, can use brute force/rainbow tables/etc heart's content. salt, if you're using md5 or other fast-hashing algorithm (which aren't designed solve problem, way); it's matter of time before can cracked.
any well-known , widely-supported hashing algorithm going have same basic "flaw" (if can call that; it's definition). difference bcrypt
slow molasses when performing hashing operation, rendering brute force attack less effective.
for absolutely great discussion on merits of bcrypt
, dangers of other approaches, , difficulty of password security in general, read this thread. has lots of comments many people more knowledgeable sort of thing am, , should understand more of issues @ stake.
- Get link
- X
- Other Apps
Comments
Post a Comment