News Feed
Jobs Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Kavoir.com:
Just Hashing is Far from Enough for Storing Passwords (Dictionary & Rainbow Attacks)
March 09, 2010 @ 13:11:01

On Kavoir.com there's a new post that reminds you that hashing isn't enough anymore to protect your users and their passwords. They offer a suggestion or two of what you can do to help lock things down a bit more.

The common practice is to hash the user password and store the hash string of the password in the database. When the user tries to log in and supplies his password, it is used to generate a hash string to be compared to the one stored in the database. [...] This approach may be secure in the 70s of the last century, but barely any more.

Computing has evolved enough to where hashed can be matched, sometimes in less than two or three minutes. Their answer to the problem? Generate a random salt each time you create the hash with a constant being used as a base. A code snippet calling a user-defined function and the sha1 function are included.

0 comments voice your opinion now!
hash password salt dictionary rainbow attack


blog comments powered by Disqus

Similar Posts

PHPBuilder.com: Securing Data Sent Via GET Requests

DevShed: User Authentication and PHP Security

Chris Shiflett's Blog: Character Encoding and XSS

ITNewb.com: Encrypting Passwords with PHP for Storage Using the RSA PBKDF2 Standard

Pierre-Alain Joye's Blog: PHP Security Conference in Paris, 2007/01/29


Community Events











Don't see your event here?
Let us know!


framework podcast application introduction hhvm component composer package project hack security unittest release symfony2 example performance language facebook database install

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework