I am writing my first attempt at a login system and would like everything to be correct. I feel that I am in duplicate territory, but in all my reading I could not find a solid answer to several questions. If I missed something, please feel free to point me in the right direction.
I will use 128 bits per salt for all passwords and apply “strong” (subjective, I know!) passwords, but I can’t work out what the best way to hash them is:
1. Would CRYPT_SHA512 using iterations ever be as strong as using CRYPT_BLOWFISH?
2. Is there any difference between CRYPT_SHA512 with iterations and iterating hash_hmac using sha512 a (large) number of times? Is one better than the other, and which is recommended for password hashing? I ask because I use Kohana and the default auth uses hash_hmac. I don’t think it will be too difficult to add iterations to that (and I will have to change it to add per-user salts anyway), which leads me to ...
3. Is there a module that already makes this available for Kohana (3.1)? Before I start writing my own, if there is something out there that fits, I will be glad to use it. So, something that performs hash stretching (be it bcrypt or sha512) and allows per-user salts. And finally
... as pointed out in the comments, question 4 is really a separate question, so I am getting rid of it. Feel free to ignore it. The only reason I am not editing it out fully is that it is already mentioned in an answer.
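The three constructions the question compares, side by side in PHP, as an added example that is not part of the original post and not Kohana's code. Function names, cost values and the sample password are assumptions; PHP 7 or later is assumed for random_bytes(), and PBKDF2 via hash_pbkdf2() stands in for a hand-rolled hash_hmac loop.

```php
<?php
// Added example: function names, cost values and the sample password are assumptions.

// bcrypt (CRYPT_BLOWFISH): "$2y$" + two-digit cost + "$" + 22 salt characters.
function hash_bcrypt(string $password, int $cost = 12): string
{
    // 16 random bytes (128 bits), mapped into bcrypt's ./A-Za-z0-9 alphabet.
    $salt = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
    return crypt($password, sprintf('$2y$%02d$%s', $cost, $salt));
}

// CRYPT_SHA512: "$6$rounds=N$" + salt; the format caps the salt at 16 characters,
// so 12 random bytes (96 bits) is the most it can carry.
function hash_sha512_crypt(string $password, int $rounds = 100000): string
{
    $salt = strtr(base64_encode(random_bytes(12)), '+', '.');
    return crypt($password, sprintf('$6$rounds=%d$%s$', $rounds, $salt));
}

// Both crypt() formats embed algorithm, cost and salt, so one verifier serves both.
function verify_crypt(string $password, string $stored): bool
{
    return hash_equals($stored, crypt($password, $stored));
}

// Iterated HMAC-SHA512 as PBKDF2; the full 128-bit salt is stored beside the hash.
function hash_pbkdf2_sha512(string $password, int $iterations = 200000): string
{
    $salt = random_bytes(16);
    $dk = hash_pbkdf2('sha512', $password, $salt, $iterations, 64, true);
    return sprintf('pbkdf2-sha512$%d$%s$%s', $iterations, base64_encode($salt), base64_encode($dk));
}

function verify_pbkdf2_sha512(string $password, string $stored): bool
{
    $parts = explode('$', $stored);
    if (count($parts) !== 4 || $parts[0] !== 'pbkdf2-sha512' || (int) $parts[1] < 1) {
        return false; // malformed record
    }
    $dk = hash_pbkdf2('sha512', $password, base64_decode($parts[2]), (int) $parts[1], 64, true);
    return hash_equals(base64_decode($parts[3]), $dk);
}

$pw = 'correct horse battery staple'; // constructed sample password
foreach ([hash_bcrypt($pw), hash_sha512_crypt($pw)] as $h) {
    printf("%s verify=%s\n", $h, var_export(verify_crypt($pw, $h) && !verify_crypt('wrong', $h), true));
}
$p = hash_pbkdf2_sha512($pw);
printf("%s verify=%s\n", $p, var_export(verify_pbkdf2_sha512($pw, $p) && !verify_pbkdf2_sha512('wrong', $p), true));
```

Each stored string carries its own cost parameter and per-user salt, so the work factor can be raised later without invalidating existing records.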