Advice on Installing Blowfish
#1

[eluser]vincej[/eluser]
My client's site recently got hacked, so we are going through everything with a fine-tooth comb. I have been using CI's SHA1 on pw's; however, my client would like me to install Blowfish.

Can anyone offer me any advice or resources where I can figure out the best way of installing BF?

Btw, yes, I have upgraded to 2.2.0.

Many thanks!!
#2

[eluser]CroNiX[/eluser]
If you are using PHP 5.3+ it should already be installed.
http://www.php.net//manual/en/function.crypt.php
#3

[eluser]vincej[/eluser]
Hey CroNiX - glad to see you're still here!

The manual discusses using Blowfish with a static salt. Is it not necessary to install with a dynamic and hashed salt, stored in the DB? Or is that overkill?
#4

[eluser]ivantcholakov[/eluser]
@vincej

Maybe a ready solution for such a standard task would be better. I am going to switch to this one: http://www.openwall.com/phpass/

Edit: For making coding simpler, here is a small additional library in CodeIgniter style:

Code:
<?php defined('BASEPATH') OR exit('No direct script access allowed.');

/**
 * @author Ivan Tcholakov <[email protected]>, 2014
 * @license The MIT License, http://opensource.org/licenses/MIT
 */

// If you have no class autoloading feature,
// include once the class PasswordHash here.

class Password {

    public function __construct() {

        log_message('debug', 'Password class initialized');
    }

    // See http://www.openwall.com/phpass/
    public function hash($password) {

        $password = (string) $password;

        // Don't allow empty passwords, on creation use validation for not accepting them.
        if ($password == '') {
            return '';
        }

        $hasher = new PasswordHash(8, false);

        return $hasher->HashPassword($password);
    }

    // See http://www.openwall.com/phpass/
    public function verify($password, $hash) {

        $password = (string) $password;
        $hash = (string) $hash;

        // Don't allow empty passwords, on creation use validation for not accepting them.
        if ($hash == '' || $password == '') {
            return false;
        }

        $hasher = new PasswordHash(8, false);

        return $hasher->CheckPassword($password, $hash) ? true : false;
    }

}
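On the salt question raised in #3, an added example that is not code from any poster in this thread: with crypt()'s Blowfish scheme, a random salt is generated per password and comes back embedded in the 60-character hash, so no separate salt column is needed. The function names, the cost of 10, PHP 7+ (`random_bytes`, `hash_equals`) and the unsalted hex `sha1($password)` legacy format are assumptions.

```php
<?php
const BCRYPT_COST = 10; // assumed work factor, tune for your hardware

// Hash with crypt()'s Blowfish scheme and a fresh random salt per password.
function bf_hash($password)
{
    // 16 random bytes -> 22 chars of bcrypt's "./A-Za-z0-9" salt alphabet.
    $salt = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
    $hash = crypt($password, sprintf('$2y$%02d$%s', BCRYPT_COST, $salt));
    if (!is_string($hash) || strlen($hash) !== 60) {
        throw new RuntimeException('Blowfish hashing failed');
    }
    return $hash; // scheme, cost and salt all travel inside this string
}

// crypt() reads scheme, cost and salt back out of the stored hash.
function bf_verify($password, $stored)
{
    $check = crypt($password, $stored);
    return is_string($check) && strlen($check) === 60
        && hash_equals($stored, $check); // constant-time comparison
}

// Returns array($ok, $newHash); persist $newHash when it is not null.
function check_login($password, $stored)
{
    if (strncmp($stored, '$2y$', 4) === 0) {
        $ok    = bf_verify($password, $stored);
        $stale = $ok && (int) substr($stored, 4, 2) < BCRYPT_COST;
        return array($ok, $stale ? bf_hash($password) : null);
    }
    // Assumed legacy format: unsalted 40-char hex sha1($password).
    if (strlen($stored) === 40 && hash_equals($stored, sha1($password))) {
        return array(true, bf_hash($password)); // upgrade on successful login
    }
    return array(false, null);
}

// Constructed sample data: one legacy row, upgraded on first login.
$legacy = sha1('correct horse');
list($ok, $upgraded) = check_login('correct horse', $legacy);
var_dump($ok, bf_verify('correct horse', $upgraded));
var_dump(bf_verify('wrong', $upgraded), bf_hash('x') !== bf_hash('x'));
```

bcrypt only uses the first 72 bytes of the password, so enforce a maximum length in validation if longer inputs must stay distinct.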



