Hi everyone
Currently I hash passwords using 512 bits of per-user salt from /dev/urandom, 512 bits of "pepper" from /dev/urandom which is stored in the file system, then hashed using PHP's hash() function and SHA-512.
But I've been reading that perhaps I should be doing this with crypt() and CRYPT_BLOWFISH instead going forward (I believe this is referred to as bcrypt)?
Using something like phpass?
Cheers, B
Passwords, hash() with sha-512 or bcrypt?
- flying_circus
Re: Passwords, hash() with sha-512 or bcrypt?
You don't have to use phpass, you can use the built-in crypt() functions.
I've been doing some reading myself, and think I will be heading that way with my next login mechanism as well.
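An added example, not code from either poster: hashing and verifying with PHP's built-in crypt() and CRYPT_BLOWFISH, keeping the per-user random salt and file-system pepper described in the question. It assumes PHP 7 or later (for random_bytes()); the function names, the cost of 12, and the HMAC-SHA-384 pre-hash used to apply the pepper are choices made for this illustration.

```php
<?php
// Added example (hypothetical helper names), not code from the thread.

const BCRYPT_COST = 12; // assumed work factor; tune to your own hardware

// Build a crypt() salt string that selects bcrypt: $2y$<cost>$<22 salt chars>
function bcrypt_salt(int $cost): string
{
    // 16 random bytes, mapped into bcrypt's "./A-Za-z0-9" salt alphabet
    $raw = base64_encode(random_bytes(16));
    return sprintf('$2y$%02d$%s', $cost, substr(strtr($raw, '+', '.'), 0, 22));
}

// Apply the pepper before bcrypt. bcrypt only reads the first 72 bytes of
// its input and stops at a NUL byte, so the HMAC output is base64-encoded:
// 64 printable characters, no NULs.
function pepper_password(string $password, string $pepper): string
{
    return base64_encode(hash_hmac('sha384', $password, $pepper, true));
}

function hash_password(string $password, string $pepper): string
{
    $hash = crypt(pepper_password($password, $pepper), bcrypt_salt(BCRYPT_COST));
    // On failure crypt() returns a short error marker, not a 60-char hash
    if (strlen($hash) !== 60 || strpos($hash, '$2y$') !== 0) {
        throw new RuntimeException('bcrypt hashing failed');
    }
    return $hash;
}

function verify_password(string $password, string $pepper, string $stored): bool
{
    // The stored hash carries the algorithm, cost and salt; crypt() reuses them
    $candidate = crypt(pepper_password($password, $pepper), $stored);
    return strlen($stored) === 60 && hash_equals($stored, $candidate);
}

// Constructed sample values; a real pepper would be read from its file
$pepper = random_bytes(64); // 512 bits, as in the question
$stored = hash_password('correct horse battery', $pepper);

var_dump($stored);
var_dump(verify_password('correct horse battery', $pepper, $stored));
var_dump(verify_password('wrong guess', $pepper, $stored));
```

On PHP 5.5 and later, password_hash() and password_verify() wrap the same bcrypt call and generate the salt for you.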