Tycoon Talk
Become a Big fish!
The number 1 forum for online business!
Post topics, ask questions, share your knowledge.
Tycoon Talk is part of Freelancer.com - find skilled workers online at a fraction of the cost.

PHP Forum


You are currently viewing our PHP Forum as a guest. Please register to participate.
Login


Tycoon Talk > Web Development and Programming Support > PHP Forum > Secure Password Storage Practice

Freelance Jobs

Reply
Secure Password Storage Practice
Old 09-29-2009, 08:29 PM Secure Password Storage Practice
ATLChris's Avatar
Experienced Talker

Posts: 37
Trades: 0
Talkupation: ATLChris is on a distinguished road
What is the best method to store passwords in a MySQL database? Should I MD5 or SHA1 or BOTH?

What is the best practice for this?
__________________
--

Please login or register to view this content. Registration is FREE

Please login or register to view this content. Registration is FREE

@ATLChris
ATLChris is offline
Reply With Quote
View Public Profile
 
 
Register now for full access!
Old 09-30-2009, 02:56 AM Re: Secure Password Storage Practice
lizciz's Avatar
Webmaster Talker

Posts: 744
Name: Mattias Nordahl
Location: Sweden
Trades: 0
Talkupation: lizciz is a splendid one to beholdlizciz is a splendid one to beholdlizciz is a splendid one to beholdlizciz is a splendid one to beholdlizciz is a splendid one to beholdlizciz is a splendid one to beholdlizciz is a splendid one to beholdlizciz is a splendid one to behold
I did some research on this some time ago, to find the most secure storing method. What I learned is that you should use an algorith called bcrypt. After much hassle, I found an php implemantation of the algorithm, here: http://openwall.com/phpass/

I'm not clear on all the details anymore. It was, as I said, some time ago :P
Good luck!
__________________
34343639363436653237373432303635373837303635363337 34323037343638363137343263323036343639363432303739 366637353366
lizciz is online now
Reply With Quote
View Public Profile Visit lizciz's homepage!
 
Old 09-30-2009, 03:20 AM Re: Secure Password Storage Practice
NullPointer's Avatar
Will Code for Food

Latest Blog Post:
Start Services Using a Batch File
Posts: 2,784
Name: Matt
Location: Irvine, CA
Trades: 0
Talkupation: NullPointer has a brilliant futureNullPointer has a brilliant futureNullPointer has a brilliant futureNullPointer has a brilliant futureNullPointer has a brilliant futureNullPointer has a brilliant futureNullPointer has a brilliant futureNullPointer has a brilliant futureNullPointer has a brilliant futureNullPointer has a brilliant futureNullPointer has a brilliant future
Sha1 is secure enough for most purposes. Personally I generate a salt (a random string of characters) for each user and use that salt to double hash the string:

PHP Code:
$salt//the salt you generated for this user
$pass $_POST['password'];
$hash sha1$salt sha1($pass) ); 
Some people use a single salt for all of their users, others generate a salt for each user.
__________________

Please login or register to view this content. Registration is FREE
|
Please login or register to view this content. Registration is FREE
|
Please login or register to view this content. Registration is FREE
|
Please login or register to view this content. Registration is FREE
NullPointer is offline
Reply With Quote
View Public Profile Visit NullPointer's homepage!
 
Reply     « Reply to Secure Password Storage Practice
 
Previous Thread | Next Thread Tycoon Talk > Web Development and Programming Support > PHP Forum > Secure Password Storage Practice

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off




   
RSS Feed  Feeds: RSS   JS   XML
RSS Feed  Feeds for this forum: RSS   JS   XML



Page generated in 0.11874 seconds with 12 queries