What is wrong with bcrypt?
#1

Hello guys!

On May 1st I received an email from GitHub saying that there was a bug that exposed the password of some users.

Today I received an email from Twitter talking about a very similar situation.

In both systems, the passwords that should be encrypted with bcrypt were saved "accidentally" as plaintext in log files.

What strikes me most is that this happened to two giant companies, and in the same situation.

Does any information security expert know how to tell me what's going on?
#2

They left debug code in production, simple as that.

And there ain't nothing wrong with bcrypt; it's secure.
You should however use Argon2 instead, if you can.
http://php.net/manual/en/function.password-hash.php
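The two points raised in this thread, as an added example that is not part of either post: masking password fields before request data reaches a log, and hashing with `password_hash()` using Argon2id where the PHP build provides it, with bcrypt as the fallback. The field names in `SENSITIVE_KEYS`, the helper function names and the sample request are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Field names treated as secret are an assumption; extend for your application.
const SENSITIVE_KEYS = ['password', 'password_confirmation', 'current_password', 'token'];

/** Recursively mask sensitive fields so request data can be logged safely. */
function redact_for_log(array $data): array
{
    $out = [];
    foreach ($data as $key => $value) {
        if (is_string($key) && in_array(strtolower($key), SENSITIVE_KEYS, true)) {
            $out[$key] = '[REDACTED]';
        } elseif (is_array($value)) {
            $out[$key] = redact_for_log($value);
        } else {
            $out[$key] = $value;
        }
    }
    return $out;
}

/** Prefer Argon2id when this PHP build offers it, otherwise fall back to bcrypt. */
function preferred_algo()
{
    return defined('PASSWORD_ARGON2ID') ? PASSWORD_ARGON2ID : PASSWORD_BCRYPT;
}

function hash_password(string $plain): string
{
    return password_hash($plain, preferred_algo());
}

/** Verify, and return a fresh hash if the stored one uses an older algorithm or cost. */
function verify_and_upgrade(string $plain, string $stored): array
{
    if (!password_verify($plain, $stored)) {
        return [false, null];
    }
    $new = password_needs_rehash($stored, preferred_algo()) ? hash_password($plain) : null;
    return [true, $new];
}

// Constructed sample request, standing in for $_POST on a login form.
$request = ['user' => 'alice', 'password' => 'correct horse', 'profile' => ['token' => 'abc123']];
error_log('login attempt: ' . json_encode(redact_for_log($request)));

$stored = password_hash($request['password'], PASSWORD_BCRYPT); // legacy bcrypt hash
[$ok, $upgraded] = verify_and_upgrade($request['password'], $stored);
echo $ok ? "verified\n" : "rejected\n";
echo $upgraded !== null ? "rehash with preferred algorithm\n" : "hash is current\n";
```

Redacting by key name only covers structured data; a debug statement that dumps the raw request body bypasses it, so logging of raw bodies on authentication endpoints should be disabled outright.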