¡@
php Programming Glossary: phpassHow can I store my users' passwords safely? http://stackoverflow.com/questions/1581610/how-can-i-store-my-users-passwords-safely Take a look at Portable PHP password hashing framework phpass and make sure you use the CRYPT_BLOWFISH algorithm if at all.. algorithm if at all possible. example of code using phpass v0.2 require 'PasswordHash.php' pwdHasher new PasswordHash 8..
Is this a good hashing password function in PHP? If not, why not? http://stackoverflow.com/questions/16042128/is-this-a-good-hashing-password-function-in-php-if-not-why-not qualification of portable . This will only apply to the phpass library if you pass true as the second constructor parameter... constructor parameter. From here on out in this answer phpass refers ONLY to the portable algorithm and not the library itself... this themselves a very good thing but ported it from phpass directly arguable . There are a few questions we should ask..
Historical security flaws of popular PHP CMS's? http://stackoverflow.com/questions/2951917/historical-security-flaws-of-popular-php-cmss per ms to 1. To ease the process you can use the library phpass developped by some password guru. CMS examples Joomla salted.. salted md5 ModX md5 Typo3 cleartext Drupal switched to phpass after this discussion . More information The phpass page . Cross.. to phpass after this discussion . More information The phpass page . Cross Site Scripting XSS Description The goal of these..
How should I choose an authentication library for CodeIgniter? http://stackoverflow.com/questions/346980/how-should-i-choose-an-authentication-library-for-codeigniter auto expire Simple yet effective error handling Uses phpass for hashing and also hashes autologin codes in the DB Does not.. footprint 4 files Minimalistic absolutely no bloat Uses phpass for hashing excellent Cons Only login logout create and delete.. lost passwords Automatic cookie login feature Configurable phpass for hashing properly salted of course Hashing of passwords Hashing..
How to create and store password hashes with Blowfish in PHP http://stackoverflow.com/questions/4983697/how-to-create-and-store-password-hashes-with-blowfish-in-php articles PHP Users Passwords I recommend using the phpass library because it handles generating a random salt for you..
http://stackoverflow.com/questions/4983915/is-time-a-good-salt you could use the following function From the source of phpass v0.3 php Generate pseudo random bits @copyright public domain.. bits @copyright public domain @link http www.openwall.com phpass @param int length number of bits to generate @return string..
Portable (PHPass) password hashes. Should I use them? http://stackoverflow.com/questions/5343611/portable-phpass-password-hashes-should-i-use-them hashes Is it the character length php database passwords phpass share improve this question Task Auth uses PHPass for password..
How can I store my users' passwords safely? http://stackoverflow.com/questions/1581610/how-can-i-store-my-users-passwords-safely echo 'password correct' else echo 'wrong credentials' PHPass has been implemented in some quite well known projects phpBB3..
Sending passwords over the web http://stackoverflow.com/questions/2797133/sending-passwords-over-the-web in an insecure way. Use a good security framework e.g. PHPass don't rely on code that is not widely in use. share improve..
Is there an advantage to this hash for security? http://stackoverflow.com/questions/4742891/is-there-an-advantage-to-this-hash-for-security field Use the Portable PHP password hashing framework . PHPass actually uses bcrypt which is an algorithm designed to prevent..
Portable (PHPass) password hashes. Should I use them? http://stackoverflow.com/questions/5343611/portable-phpass-password-hashes-should-i-use-them PHPass password hashes. Should I use them I'm installing a user registration.. phpass share improve this question Task Auth uses PHPass for password hashing an old version that's not a good sign you.. good sign you might want to update that in your install . PHPass has two modes portable and bcrypt. Depending on the PHP version..
Is this a good hashing password function in PHP? If not, why not? http://stackoverflow.com/questions/16042128/is-this-a-good-hashing-password-function-in-php-if-not-why-not this question The code that you have given is a port of PHPASS specifically the portable algorithm. Note the qualification..
Am I using PHP's crypt() function correctly? http://stackoverflow.com/questions/3820977/am-i-using-phps-crypt-function-correctly improve this question You really should have a look at PHPASS http www.openwall.com phpass It's a password hashing framework.. Passwords UPDATE Currently there's an alternative for the PHPASS library. In the next version of PHP there are special functions..
Secure hash and salt for PHP passwords http://stackoverflow.com/questions/401656/secure-hash-and-salt-for-php-passwords or finding yourself a good wrapper or use something like PHPASS for a more legacy implementation. I recommend a minimum of 12.. practices I almost can't imagine this situation anymore. PHPASS supports PHP 3.0.18 through 5.3 so it is usable on almost every.. supports bcrypt. But suppose that you cannot use bcrypt or PHPASS at all. What then Try an implementation of PDKBF2 with the maximum..
Update old stored md5 passwords in PHP to increase security http://stackoverflow.com/questions/8841719/update-old-stored-md5-passwords-in-php-to-increase-security Instead use a proper iterative algorithm such as PBKDF2 PHPASS or CRYPT_BLOWFISH 2a . My suggestion would be to use crypt with..
openssl_digest vs hash vs hash_hmac? Difference between SALT & HMAC? http://stackoverflow.com/questions/8952807/openssl-digest-vs-hash-vs-hash-hmac-difference-between-salt-hmac hash md5 hash . password In fact this is exactly what PHPASS uses slightly tweaked but this is the base algorithm ... So.. with a vetted algorithm. Use CRYPT_BLOWFISH bcrypt use PHPASS use PasswordLib . But don't invent your own just because you..
|