phpass HAVE BEEN CRACKED! What is the solution?
#22

[eluser]bretticus[/eluser]
[quote author="trs21219" date="1245217044"]
Mine does both. It uses a random salt for each user combined with their password, and on the other end is what I call 'pepper', which is exactly like the encryption key but a different string. This way, if they steal your DB they don't have the one that is in the code, which makes it impossible to access the passwords (without 500 super computers and about 10,000 years).[/quote]

So you store some random salt with the user record? Then you hash that with the user's real password, plus your "script-side" static string to make the password hash in the user record?

That would go a very long way to prevent a rainbow table from exploiting the password if the data were stolen, but I would think just hashing the real password + the "script-side" code with sha256 (or better) ought to be sufficient as a collision is the only thing the hacker needs. To gain access to your website, if he or she can produce a password, which combined with your static salt, will result in the desired hash (which is why md5 is not really safe) then that is good enough without ever knowing the real password. If you used a strong hashing algorithm (you can upgrade php hashing algorithms via the suhosin extension) and a moderately strong "script-side" randomly-generated static string, you'd have my approval easy. :)

EDIT: Apparently "hash" has the same upgraded hash algorithms if you have PHP 5 >= 5.1.2 (as demonstrated in the above post).
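
The scheme discussed in this post (a random per-user salt stored in the user record, plus a "script-side" secret kept out of the database), as an added example that is not code from the thread. It uses HMAC-SHA256 keyed with the pepper rather than plain concatenation; the constant, the function names and the sample passwords are assumptions, and `random_bytes` needs PHP 7 or later.

```php
<?php
// Added illustration, not code from the thread.
// PEPPER is a constructed placeholder; the real value lives in the
// application's config or code, never in the database.
const PEPPER = 'constructed-example-pepper-not-a-real-secret';

// HMAC-SHA256 over salt + password, keyed with the script-side pepper.
function pepper_hash(string $salt, string $password, string $pepper): string
{
    return hash_hmac('sha256', $salt . $password, $pepper);
}

// Build what gets stored in the user record: the salt and the hash.
function make_record(string $password, string $pepper = PEPPER): array
{
    $salt = bin2hex(random_bytes(16)); // unique per user, stored in the row
    return [
        'salt' => $salt,
        'hash' => pepper_hash($salt, $password, $pepper),
    ];
}

// Recompute with the stored salt and compare in constant time.
function verify(array $record, string $password, string $pepper = PEPPER): bool
{
    $candidate = pepper_hash($record['salt'], $password, $pepper);
    return hash_equals($record['hash'], $candidate);
}

// Constructed sample users sharing one password.
$alice = make_record('correct horse battery');
$bob   = make_record('correct horse battery');

// Per-user salts make the stored hashes differ for identical passwords,
// so one precomputed table cannot cover both rows.
var_dump($alice['hash'] !== $bob['hash']);

// Normal login path: right password verifies, wrong one does not.
var_dump(verify($alice, 'correct horse battery'));
var_dump(verify($alice, 'wrong password'));

// Database-only view: salt and hash are known, the pepper is not, so even
// the correct password cannot be confirmed against the stolen row.
var_dump(verify($alice, 'correct horse battery', 'guessed-pepper'));
```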

