CodeIgniter Forums
What is wrong with bcrypt? - Printable Version


What is wrong with bcrypt? - falko - 05-05-2018

Hello guys!

On May 1st I received an email from GitHub saying that there was a bug that exposed the passwords of some users.

Today I received an email from Twitter talking about a very similar situation.

In both systems, the passwords that should be encrypted with bcrypt were saved "accidentally" as plaintext in log files.

What strikes me most is that this happened to two giant companies, in the same situation.

Can any information security expert tell me what's going on?


RE: What is wrong with bcrypt? - jreklund - 05-05-2018

They left debug code in production, simple as that.

And there ain't nothing wrong with bcrypt; it's secure.
You should however use Argon2 instead, if you can.
http://php.net/manual/en/function.password-hash.php
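
An added example, not code from either poster or from GitHub or Twitter: a PHP sketch of the two points in the reply above, keeping the plaintext password out of log output and hashing it with `password_hash()` using Argon2 where the PHP build provides it. The `SENSITIVE_KEYS` list, the function names `redact_for_log` and `hash_password`, and the sample request are assumptions made for illustration.

```php
<?php
// Hypothetical list of request fields that must never reach a log file.
const SENSITIVE_KEYS = ['password', 'password_confirm', 'token'];

// Return a copy of $data that is safe to log. Sensitive keys are checked
// first so that array-valued fields (password[]=...) are redacted whole.
function redact_for_log(array $data): array
{
    $clean = [];
    foreach ($data as $key => $value) {
        if (in_array(strtolower((string) $key), SENSITIVE_KEYS, true)) {
            $clean[$key] = '[REDACTED]';
        } elseif (is_array($value)) {
            $clean[$key] = redact_for_log($value);
        } else {
            $clean[$key] = $value;
        }
    }
    return $clean;
}

// Hash with Argon2 when this PHP build provides it, otherwise bcrypt.
function hash_password(string $plain): string
{
    if (defined('PASSWORD_ARGON2ID')) {
        $algo = PASSWORD_ARGON2ID;
    } elseif (defined('PASSWORD_ARGON2I')) {
        $algo = PASSWORD_ARGON2I;
    } else {
        $algo = PASSWORD_BCRYPT;
    }
    $hash = password_hash($plain, $algo);
    if (!is_string($hash)) {
        throw new RuntimeException('password_hash() failed');
    }
    return $hash;
}

// Constructed sample request, as a login or signup handler might receive it.
$request = [
    'username' => 'alice',
    'password' => 'correct horse battery staple',
    'profile'  => ['token' => 'constructed-sample-token'],
];

error_log('signup request: ' . json_encode(redact_for_log($request)));
$hash = hash_password($request['password']);
error_log('stored hash algorithm: ' . password_get_info($hash)['algoName']);
```

The redaction has to sit at every point where request data is serialised for logging or debugging, because the hash function only protects what is stored, not what is written out before hashing.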