By clearnetwork
via total-php.com
Published: Jul 09 2008 / 21:04
When creating a membership-based site, security is paramount, especially if you're dealing with personal information. When it comes to passwords, you'll want to encrypt them wherever they are stored so they can't be stolen. Here are a few things you can do to make your passwords as safe as possible.
Comments
Sven Arild Helleland replied:
SHA is not an encryption; it is a hashing method! Hence the name "Secure Hash Algorithm".
You should also read up on using salts when hashing passwords; failing to do so makes the hashes vulnerable to rainbow tables.
I also recommend that you take a look at the hash() functions instead of using sha1().
http://no.php.net/manual/en/function.hash.php
mathewbyrne replied:
Salting? Hashing vs. Encryption?
This article describes the bare minimum that any security-conscious PHP developer should do to protect the credentials of their users. But surely at this point in 2008 we're all hashing and salting our stored passwords properly?
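The salting point raised in the comments above, as an added example that is not from the linked article or from either commenter: it contrasts a bare sha1() digest with a per-user salted digest built with hash(). The function names and sample passwords are constructed for illustration, and it assumes PHP 7 or later for random_bytes().

```php
<?php
// Added illustration. Function names are hypothetical; passwords are constructed samples.

// Unsalted: the digest depends only on the password, so every account that
// shares a password shares a digest, and one precomputed table covers them all.
function unsalted_digest(string $password): string
{
    return sha1($password);
}

// Salted: a random per-user salt is generated once and stored beside the digest.
// A precomputed table would have to be rebuilt for each distinct salt.
function salted_record(string $password): array
{
    $salt = bin2hex(random_bytes(16)); // 128-bit salt from the system CSPRNG
    return [
        'salt'   => $salt,
        'digest' => hash('sha256', $salt . $password),
    ];
}

// Recompute with the stored salt and compare without leaking timing information.
function verify_salted(string $password, array $record): bool
{
    $candidate = hash('sha256', $record['salt'] . $password);
    return hash_equals($record['digest'], $candidate);
}

// Constructed sample: two users who happened to choose the same password.
$alice = 'correct horse';
$bob   = 'correct horse';

// Compare the two users' stored values under each scheme.
$unsaltedCollide = unsalted_digest($alice) === unsalted_digest($bob);

$recA = salted_record($alice);
$recB = salted_record($bob);
$saltedCollide = $recA['digest'] === $recB['digest'];

printf("unsalted digests identical: %s\n", var_export($unsaltedCollide, true));
printf("salted digests identical:   %s\n", var_export($saltedCollide, true));
printf("correct password verifies:  %s\n", var_export(verify_salted('correct horse', $recA), true));
printf("wrong password verifies:    %s\n", var_export(verify_salted('wrong guess', $recA), true));
```

On current PHP, password_hash() and password_verify() generate the salt themselves and use a deliberately slow algorithm, which a single SHA-256 pass is not.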