[geeklog-devel] Password Hashing

Vincent Furia vfuria at gmail.com
Tue Dec 14 02:19:26 EST 2010


Just caught this "article":
http://codahale.com/how-to-safely-store-a-password/

TL;DR: It recommends using bcrypt (a variant of Blowfish encryption) to hash
passwords.

For those who want details,
http://www.usenix.org/events/usenix99/provos/provos_html/node1.html is a
very detailed paper about the security of using bcrypt for password hashing.

There is a "Portable PHP password hashing framework" that supports bcrypt:
http://www.openwall.com/phpass/

If we're going to move to something more secure than MD5 or SHA1 (and
its derivatives) for our password hash, we might as well move to something
with some built in future proofing.

-Vinny
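An added example, not code from the post, from Geeklog or from phpass: PHP's built-in `password_hash` / `password_verify` / `password_needs_rehash` functions (PHP 5.5+, `hash_equals` needs 5.6+) produce and check bcrypt hashes in the same `$2y$` format phpass's CRYPT_BLOWFISH mode uses, so they show the two properties the post cares about, a tunable work factor and a path for raising it later, without adding a dependency. The MD5 column format, cost value and function names are assumptions for illustration.

```php
<?php
// Added example (not Geeklog's or phpass's own code): bcrypt hashing with
// PHP's password_* API, plus a transparent upgrade from a legacy unsalted
// MD5 hash and a re-hash when the cost factor has been raised.
// Assumption: legacy rows hold a 32-character lowercase hex md5() value.

const BCRYPT_COST = 12; // work factor: each +1 doubles the hashing time

function hash_password(string $plain): string
{
    // bcrypt silently ignores input beyond 72 bytes; reject rather than truncate.
    if (strlen($plain) > 72) {
        throw new InvalidArgumentException('password longer than 72 bytes');
    }
    return password_hash($plain, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
}

/**
 * Verify $plain against the stored hash. On success, $newHash is set to a
 * fresh bcrypt hash whenever the stored one should be replaced (legacy MD5,
 * or bcrypt made with a lower cost than BCRYPT_COST); otherwise it stays null.
 */
function verify_and_upgrade(string $plain, string $stored, ?string &$newHash): bool
{
    $newHash = null;

    // Legacy path: unsalted MD5 (assumed format of the pre-migration column).
    if (preg_match('/^[0-9a-f]{32}$/', $stored)) {
        if (!hash_equals($stored, md5($plain))) {
            return false;
        }
        $newHash = hash_password($plain); // caller persists the bcrypt hash
        return true;
    }

    // bcrypt path: password_verify reads cost and salt from the hash itself.
    if (!password_verify($plain, $stored)) {
        return false;
    }
    // Future-proofing: when BCRYPT_COST has been raised since this hash was
    // made, hand back a stronger hash for the caller to store.
    if (password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST])) {
        $newHash = hash_password($plain);
    }
    return true;
}

// Demo with constructed values (no database).
$legacyRow = md5('correct horse');               // simulated existing MD5 row
$upgraded  = null;
var_dump(verify_and_upgrade('correct horse', $legacyRow, $upgraded)); // login ok
var_dump($upgraded !== null && strncmp($upgraded, '$2y$', 4) === 0);  // now bcrypt
var_dump(verify_and_upgrade('wrong password', $upgraded, $ignored));  // rejected
var_dump($ignored === null);                                          // no rehash
```

Storing the returned `$newHash` on successful login is what lets an installed base move off MD5 without a forced password reset; the same hook later absorbs a cost increase, which is the "built in future proofing" the post asks for.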