Proper code procedure for storing passwords protecting passwords in MYSQL

Question

Proper code procedure for storing passwords protecting passwords in MYSQL

So, currently my code uses the standard sha1for password hashing for the database implementation.

What is or is there a more secure way to store a password? Maybe MD5 (yes, I'm joking)

For example, I use Codeigniter as my structure, what would be the best way to encrypt passwords?

+5

php mysql passwords password-protection codeigniter

Jess mckenzie Aug 17 '12 at 6:01

source share

4 answers

.

salt = For each user generate a random seed with a random length. 

iterations = Select a random number

while(iterations  != 0)  {

hashed_password = hash_function(password.salt) . salt;    iterations-- }

:

hashed_password:salt:hash_function:iterations.

, hash_function hashed_password.

, -, , sha_x (md5 (salt.password).salt).salt , , - , .

+2

thedethfox 17 . '12 6:18

: http://www.openwall.com/phpass/ , md5, , "".

+1

Johni 17 . '12 6:48

SHA1 2005

15 2005 .
SHA-1 Broken
SHA-1 . . . .
Research team Xiaoyun Wang, Yiqun Lisa Yin and Hongbo Yu (mainly from Shandong University in China) were quietly circulating a document describing their results: collisions in full SHA-1 in a 2 * 69 hash operation, much less than brute force attack 2 * 80 operations based on hash length.
in SHA-0 in 2 ** 39 operations.
in the 58-round SHA-1 in 2 ** 33 operations.

Take a look at this comparison list .

0

Cloudymarble Aug 17 '12 at 6:07

source share

martinstoeckli · Accepted Answer · 2012-08-17T20:46:54+0000

You really have to use bcrypt to hash your passwords, it was designed specifically for hashing passwords.

( ). , SHA-1 MD5, SHA-256, , .

bcrypt! , , md5. , phpass, , , , .

Proper code procedure for storing passwords protecting passwords in MYSQL

More articles: