Password hash
[eluser]someone [/eluser]
Hello! I'm working on a registration script and I would like to ask you which crypt hash you use. Currently I want to use the crypt() function with the blowfish hash, but I don't know if my idea is good. The idea is a function which takes a string and mixes it at random. Then this string becomes a salt for the crypt function. Is this a good way? Thanks! :-)
[eluser]Jason Hamilton-Mascioli[/eluser]
Taken from an earlier post... Quote: Use bcrypt. Actually - use PHP’s bcrypt implementation - crypt function (there are several different
[eluser]someone [/eluser]
I have tried bcrypt and it works well, but after reading articles I don't know what to use now. Some say it's better to use bcrypt (crypt() blowfish), but others then tell me that it is easy to take a site down because crypt() uses a lot of CPU. What's true now, and do you recommend blowfish or sha512 (again, some are saying that blowfish is better)? EDIT: Is blowfish always 60 chars long?
[eluser]Syllean[/eluser]
I found this tutorial quite helpful http://net.tutsplus.com/tutorials/php/un...words-safe.
[eluser]InsiteFX[/eluser]
Ya, and they were just hacked storing passwords in plain text.
[eluser]someone [/eluser]
[quote author="someone " date="1340715228"]I have tried bcrypt and it works well, but after reading articles I don't know what to use now. Some say it's better to use bcrypt (crypt() blowfish), but others then tell me that it is easy to take a site down because crypt() uses a lot of CPU. What's true now, and do you recommend blowfish or sha512 (again, some are saying that blowfish is better)? EDIT: Is blowfish always 60 chars long?[/quote] I'm still interested in these two questions, so if anyone knows, please reply. What about storing the hash in the database as in the linked article - is this secure? Thanks! :-)
[eluser]InsiteFX[/eluser]
SHA512 requires a database field of varchar(128) if you use that. I hash mine with SHA512 and use the CodeIgniter 32-bit config encryption key to salt it; it also has a second parameter to pass in a random salt.
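An added example, not taken from any post in this thread: bcrypt through PHP's crypt() with a randomly generated salt, showing the length of the resulting string, how the cost parameter controls CPU time, and how the stored value is reused for verification. The function names are hypothetical and PHP 7 or later is assumed for random_bytes().

```php
<?php
// Added example (hypothetical function names); assumes PHP 7+ for random_bytes().

function bcrypt_salt(int $cost = 10): string
{
    // Cost is log2 of the iteration count: each +1 doubles the CPU time
    // per hash, which is the knob for the load concern raised in the thread.
    if ($cost < 4 || $cost > 31) {
        throw new InvalidArgumentException('bcrypt cost must be between 4 and 31');
    }
    // 16 random bytes become 22 characters of bcrypt's ./A-Za-z0-9 alphabet.
    // base64 uses '+' where bcrypt uses '.', so translate that one character.
    $raw  = base64_encode(random_bytes(16));
    $salt = substr(strtr($raw, '+', '.'), 0, 22);
    return sprintf('$2y$%02d$%s', $cost, $salt);
}

function hash_password(string $password, int $cost = 10): string
{
    // Note: bcrypt only uses the first 72 bytes of the password.
    $hash = crypt($password, bcrypt_salt($cost));
    // On failure crypt() returns a short marker such as "*0";
    // a valid bcrypt string is prefix + cost + salt + digest = 60 characters.
    if (strlen($hash) !== 60) {
        throw new RuntimeException('bcrypt hashing failed');
    }
    return $hash;
}

function verify_password(string $password, string $stored): bool
{
    // The stored string carries algorithm, cost and salt, so it is passed
    // back to crypt() as the salt argument; no separate salt column is needed.
    $check = crypt($password, $stored);
    // hash_equals() compares in constant time.
    return strlen($check) === 60 && hash_equals($stored, $check);
}

// Constructed sample password, for demonstration only.
$stored = hash_password('correct horse battery staple');
var_dump(strlen($stored));
var_dump(verify_password('correct horse battery staple', $stored));
var_dump(verify_password('wrong guess', $stored));
```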