PHP Developers Network

A community of PHP developers offering assistance, advice, discussion, and friendship.
 

All times are UTC - 5 hours




PostPosted: Sun Jul 24, 2011 1:35 pm 
Forum Contributor

Joined: Mon Dec 27, 2010 8:58 am
Posts: 134
I've written code to store usernames and passwords in a database. Usernames are stored as-is in string format, and passwords are hashed with a randomly generated integer of variable length.
Is this a good method to encrypt passwords against the possible threat of rainbow tables and brute-force attacks? Well, I used sha1 for hashing the passwords.


PostPosted: Mon Jul 25, 2011 10:43 am 
DevNet Master

Joined: Sun Feb 15, 2009 12:08 pm
Posts: 2794
Location: .za

_________________
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering


PostPosted: Mon Jul 25, 2011 12:17 pm 
Forum Contributor

Joined: Mon Dec 27, 2010 8:58 am
Posts: 134


PostPosted: Tue Jul 26, 2011 5:30 am 
DevNet Master

Joined: Sun Feb 15, 2009 12:08 pm
Posts: 2794
Location: .za

PostPosted: Wed Jul 27, 2011 12:13 pm 
Forum Contributor

Joined: Mon Dec 27, 2010 8:58 am
Posts: 134
Yes, that would be better. :wink:
Well, I'm using md5 just to create a hash out of some random number. I guess it's alright to use it here. ( :?: )


PostPosted: Sat Jul 30, 2011 10:35 am 
DevNet Master

Joined: Sun Feb 15, 2009 12:08 pm
Posts: 2794
Location: .za

PostPosted: Sat Jul 30, 2011 4:08 pm 
Forum Contributor

Joined: Mon Dec 27, 2010 8:58 am
Posts: 134
Well, after your previous post I did something like -
$data['key']=str_rot13(sha1(rand(1000,99999)));  // salt derived from a random integer
$data['pass']=hash('sha256',$data['key'].$data['pass']);  // SHA-256 of salt . password

and I'm also changing the salt after each login.
I'm aware of what it might cause if I use just md5, so I changed the code a bit. At first I was planning to use a timestamp as the salt, but then I thought it'd be better if I use a random number hash, and, as you suggested, changing it on each login will be safer. :)
Another thing I'm worried about is cookies and sessions. They both need to be handled carefully. Still finding the way. :banghead:
Edit: I guess we can't do anything else apart from deciding where to store them and applying hashes.


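An added example, not part of the thread or any poster's code: the salted SHA-256 scheme from the post above next to PHP's built-in password_hash()/password_verify(), with legacy rows upgraded on login. It assumes PHP 7 or later; the row layout and the function names legacy_salt, legacy_hash, new_hash and check_login are hypothetical.

```php
<?php
declare(strict_types=1);

// Scheme from the post, for comparison: the salt has only 99,000 possible
// values (rand(1000, 99999)); sha1 and str_rot13 are deterministic and add none.
function legacy_salt(): string
{
    return str_rot13(sha1((string) rand(1000, 99999)));
}

function legacy_hash(string $salt, string $password): string
{
    return hash('sha256', $salt . $password); // single fast pass
}

// Hardened form: password_hash() draws a per-password salt from the CSPRNG,
// uses a deliberately slow algorithm, and stores algorithm, cost and salt
// inside the returned string, so no separate 'key' column is needed.
function new_hash(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Check a login against a stored row (hypothetical layout: 'pass' plus a 'key'
// that is non-null only for legacy rows) and upgrade legacy or outdated hashes.
function check_login(string $password, array $row): array
{
    if ($row['key'] !== null) {
        $ok = hash_equals($row['pass'], legacy_hash($row['key'], $password));
    } else {
        $ok = password_verify($password, $row['pass']);
    }
    if ($ok && ($row['key'] !== null || password_needs_rehash($row['pass'], PASSWORD_DEFAULT))) {
        $row = ['pass' => new_hash($password), 'key' => null]; // caller persists this
    }
    return ['ok' => $ok, 'row' => $row];
}

// Constructed sample data: one legacy row, migrated on first successful login.
$salt   = legacy_salt();
$legacy = ['pass' => legacy_hash($salt, 'correct horse'), 'key' => $salt];
$first  = check_login('correct horse', $legacy);
$second = check_login('correct horse', $first['row']);
$wrong  = check_login('wrong guess', $first['row']);
var_dump($first['ok'], $first['row']['key'] === null, $second['ok'], $wrong['ok']);
```

The salt does not need to change on each login with this form; the hash only needs replacing when password_needs_rehash() reports an outdated algorithm or cost.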
 
PostPosted: Mon Aug 01, 2011 3:16 am 
DevNet Master

Joined: Sun Feb 15, 2009 12:08 pm
Posts: 2794
Location: .za

PostPosted: Mon Aug 08, 2011 2:20 am 
DevNet Resident

Joined: Sun Sep 03, 2006 5:19 am
Posts: 1579
Location: Sofia, Bulgaria
Read the article in my sig, see if it answers something for you, ask again if there are more questions.


PostPosted: Tue Aug 16, 2011 2:51 pm 
Forum Contributor

Joined: Mon Dec 27, 2010 8:58 am
Posts: 134

