Passwords, hash() with sha-512 or bcrypt?
Posted: Mon Sep 17, 2012 2:24 pm
Hi everyone
Currently I hash passwords using 512 bits of per-user salt from /dev/urandom, 512 bits of "pepper" from /dev/urandom which is stored in the file system, then hashed using PHP's hash() function and SHA-512.
But I've been reading that perhaps I should be doing this with crypt() and CRYPT_BLOWFISH instead going forward (I believe this is referred to as bcrypt)?
Using something like phpass?
Cheers, B
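The two approaches named in the question, side by side, as an added example that is not part of the original post. It shows what each stored value looks like and how the bcrypt cost parameter changes the time per hash. The function names and the salt/pepper concatenation order are assumptions, and random_bytes() (PHP 7+) stands in for reading /dev/urandom.

```php
<?php
// Added example; all function names are hypothetical.

// Scheme from the post: per-user salt + site-wide pepper, one SHA-512 pass.
// The concatenation order is an assumption; the post does not state it.
function legacy_hash(string $password, string $salt, string $pepper): string
{
    return hash('sha512', $salt . $pepper . $password);
}

// bcrypt through crypt(): "$2y$" selects CRYPT_BLOWFISH, the two digits are the
// log2 cost, followed by a 22-character salt from the alphabet ./A-Za-z0-9.
function bcrypt_hash(string $password, int $cost = 12): string
{
    $salt = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
    $hash = crypt($password, sprintf('$2y$%02d$%s', $cost, $salt));
    if (strlen($hash) !== 60) {   // crypt() signals failure with "*0" or "*1"
        throw new RuntimeException('bcrypt hashing failed');
    }
    return $hash;
}

// The stored string carries algorithm, cost and salt, so it doubles as the
// crypt() setting when checking a login attempt.
function bcrypt_verify(string $password, string $stored): bool
{
    return hash_equals($stored, crypt($password, $stored));
}

$password = 'correct horse battery staple';  // constructed sample input
$salt     = random_bytes(64);                // 512-bit per-user salt
$pepper   = random_bytes(64);                // 512-bit pepper (kept in a file in the post)

$t = microtime(true);
$legacy = legacy_hash($password, $salt, $pepper);
printf("sha512: %d hex chars, %.3f ms\n", strlen($legacy), (microtime(true) - $t) * 1000);

foreach ([10, 12] as $cost) {
    $t = microtime(true);
    $stored = bcrypt_hash($password, $cost);
    printf("bcrypt cost %d: %.1f ms  %s\n", $cost, (microtime(true) - $t) * 1000, $stored);
}

var_dump(bcrypt_verify($password, $stored));
var_dump(bcrypt_verify('wrong password', $stored));

// bcrypt reads at most 72 bytes of input: these two passwords differ only at
// byte 73, so the check still succeeds. Enforce a maximum length if that matters.
var_dump(bcrypt_verify(str_repeat('a', 72) . 'X', bcrypt_hash(str_repeat('a', 72) . 'Y', 10)));
```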