Advice on Installing Blowfish |
[eluser]vincej[/eluser]
My client's site recently got hacked, so we are going through everything with a fine tooth comb. I have been using CI's SHA1 on pw's however my client would like me to install Blowfish. Can anyone offer me any advice or resources where I can figure out the best way of installing BF ? btw - yes I have upgrade to 2.2.0 Many Thanks !!
[eluser]CroNiX[/eluser]
If you are using php 5.3+ it should already be installed. http://www.php.net//manual/en/function.crypt.php
[eluser]vincej[/eluser]
Hey CroNix - Glad to see you're still here ! The manual discusses using Blowfish with a static salt. Is it not necessary to install with a dynamic and hashed salt, stored in the DB ? or is that overkill ?
[eluser]ivantcholakov[/eluser]
@vincej Maybe a ready solution for such a standard task would be better. I am going to switch to this one: http://www.openwall.com/phpass/ Edit: For making coding simpler, here is a small additional library in CodeIgniter style: Code: <?php defined('BASEPATH') OR exit('No direct script access allowed.'); |
Welcome Guest, Not a member yet? Register Sign In |