Anthony Ferrara's Blog:
Properly Salting Passwords, The Case Against Pepper
Apr 18, 2012 @ 14:23:31

In this new post to his blog, Anthony Ferrara looks at a common idea that comes up in discussions of password encryption in PHP - the global salt (or "pepper").

The other day I announced the release of my new password hashing library, PasswordLib. As I've come to expect, Reddit was full of interesting commentary on the topic. Some was good, some was bad and some surprised me. What surprised me was the insistence on a global salt (otherwise known as a "pepper"). So, I started thinking about it some more, and I figured I'd write a post on why I don't use peppers in my hashing algorithms (and why you may want to rethink it too).

He starts with an explanation of what a salt is (and isn't) to lead naturally into the idea of a "pepper", a single unique value that's used across an entire site/application for password encryption. He covers four flaws inherent with this method:

  • There's no proof that using them increases your security.
  • There are no publicly vetted hashing algorithms that accept a pepper as an argument.
  • Using a block cipher instead of a pepper provides a stronger level of encryption and protection.
  • The entire concept of a pepper is based around a flawed premise. [...] The flaw in that premise is that it's often not just your database that's leaked.
tagged: password encryption salt pepper cipher

Chris Hartjes' Blog:
WordPress 2.1 and Mint
Feb 01, 2007 @ 00:51:13

If you're both a WordPress and Mint user and want to integrate them the easy way, check out this new entry from Chris Hartjes about combining the two.

Now, the installation is fairly easy but there was a weird bug that was appearing, where a check to see if you are running a licensed copy of Mint kept getting triggered when I tried to access my feeds via a feed alias. The solution? An ugly hack, if you ask me.

The problem was with a Pepper for Mint called Bird Feeder Pepper that helps track RSS feed usage. The solution he found was a snippet of PHP code you'll need to insert into several of the feed scripts WordPress offers (as provided).

tagged: wordpress mint statistics birdfeeder pepper addon hack
