Salted password hashing library
#1

[eluser]Unknown[/eluser]
Hi folks,

I was looking for a "best practice" method for salting and hashing my passwords. I stumbled on an absolute cracker of a page at CrackStation (see what I did there?) that covers everything from the background of hashing to how passwords are cracked, what to do and more importantly what NOT to do when storing passwords, how to handle resets and what to do if you are hacked.

You MUST check this page out if you're serious about securing your user accounts:

http://crackstation.net/hashing-security.htm

The article then includes a simple but insanely secure implementation of PBKDF2 hashing in PHP. So I have made a really quick port of it to work as a CodeIgniter library and got it up on GitHub:

https://github.com/richardthornton/codei...rd-hashing

I don't take any credit for it whatsoever, but if you're looking for a lean, mean, password hashing machine, this might be a place to start.

This is my first contribution to the community after years of work with CodeIgniter, so if you spot anything I've got wrong, please point me in the right direction.

Cheers,
Richard
#2

[eluser]Alucemet[/eluser]
I am using skunkbad's Community Auth. On a server with PHP 5.3+, bcrypt is available by default, and seems to be the preferred method of hashing passwords. Community Auth uses bcrypt, and falls back on pbkdf2 if bcrypt is not available. If you want to browse the Authentication class, you can find the repo on bitbucket:

https://bitbucket.org/skunkbad/community...at=default

The hash_passwd method on line 485 is taking care of the hashing, and the check_passwd method on line 520 checks for a match when a person tries to log in. If you haven't tried Community Auth, it's pretty nice.
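
The bcrypt-first, PBKDF2-fallback approach described in the post above, as an added example that is not part of the thread and is not Community Auth's or CrackStation's code. The function names, the `$bcryptAvailable` switch, the stored-record format and the cost settings are assumptions; it needs PHP 7.0 or later.

```php
<?php
// Added example: helper names and parameters are hypothetical, not taken from
// Community Auth or the CrackStation code.
const PBKDF2_ALGO = 'sha256';
const PBKDF2_ITERATIONS = 600000; // assumed work factor; tune for your hardware
const PBKDF2_SALT_BYTES = 16;
const PBKDF2_HASH_BYTES = 32;

function example_hash_password(string $password, bool $bcryptAvailable = true): string
{
    if ($bcryptAvailable) {
        // password_hash() draws a random per-password salt and embeds it in the result.
        return password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
    }
    // Fallback: PBKDF2 with a fresh random salt, stored as tag:iterations:salt:hash.
    $salt = random_bytes(PBKDF2_SALT_BYTES);
    $hash = hash_pbkdf2(PBKDF2_ALGO, $password, $salt, PBKDF2_ITERATIONS, PBKDF2_HASH_BYTES, true);
    return implode(':', ['pbkdf2_' . PBKDF2_ALGO, PBKDF2_ITERATIONS,
                         base64_encode($salt), base64_encode($hash)]);
}

function example_verify_password(string $password, string $stored): bool
{
    if (strpos($stored, 'pbkdf2_') !== 0) {
        return password_verify($password, $stored); // bcrypt record
    }
    $parts = explode(':', $stored);
    if (count($parts) !== 4 || $parts[0] !== 'pbkdf2_' . PBKDF2_ALGO) {
        return false; // malformed or unknown record: fail closed
    }
    $iterations = ctype_digit($parts[1]) ? (int) $parts[1] : 0;
    $salt = base64_decode($parts[2], true);
    $expected = base64_decode($parts[3], true);
    if ($iterations < 1 || $salt === false || $expected === false || $expected === '') {
        return false;
    }
    // Recompute with the stored salt and iteration count, then compare in constant time.
    $actual = hash_pbkdf2(PBKDF2_ALGO, $password, $salt, $iterations, strlen($expected), true);
    return hash_equals($expected, $actual);
}

// Constructed sample input: exercise both the bcrypt path and the PBKDF2 fallback.
foreach ([true, false] as $bcryptAvailable) {
    $record = example_hash_password('correct horse battery staple', $bcryptAvailable);
    var_dump(example_verify_password('correct horse battery staple', $record));
    var_dump(example_verify_password('wrong guess', $record));
}
```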
#3

[eluser]quickshiftin[/eluser]
Nice work sir!



