TankAuth uses PHPass to hash passwords with the portable mode set to FALSE by default, which allows PHPass to use bcript instead, since portable hashes do not store salt in their hash.
But if we want to move the database to another server, we need to set it to TRUE even before adding entries to the table in order to avoid password recovery later. Obviously storing TRUE portable hashes makes encrypted passwords highly insecure
Is there any better solution using auth to back up hash passwords but painless database migration on servers?
source
share