Correct Code Procedure For Storing Passwords Securing Passwords In MYSQL

So currently my code is using a standard sha1 to hash the password for database implementation.

Is there a better, more secure way to store the password? Maybe MD5 (yes, I am joking).

For example, I am using CodeIgniter as my framework. What would be the best way to encrypt the passwords?

Answers


You should really use bcrypt to hash your passwords; it was designed especially for hashing passwords.

Hash functions for passwords should be slow (need some computing time). Most hash algorithms like SHA-1 and MD5 or even SHA-256 are designed to be fast, but this makes them an easy target for brute force attacks.

Don't be afraid to use bcrypt! It is not for high security sites only, and using it can be as easy as using an md5 hash. It's recommended to use a well established library like phpass, and if you want to understand how it works, you can read this article, where I tried to explain the most important points.
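
As an added example (not part of any answer on this page), one way to move the questioner's existing SHA-1 hashes to bcrypt is to re-hash each password at the user's next successful login, using PHP's built-in `password_hash()` family. It assumes PHP 7.1 or later and that legacy rows hold an unsalted 40-character hex SHA-1 digest; the function names and the cost value are illustrative.

```php
<?php
// Added example: upgrade legacy unsalted SHA-1 password hashes to bcrypt at login.
// Assumption: the stored value is either a 40-char hex SHA-1 digest (legacy)
// or a string produced by password_hash().

const BCRYPT_COST = 12; // assumed work factor; benchmark and tune for your hardware

function hash_new_password(string $password): string
{
    // password_hash() generates a random salt and embeds salt and cost in its output.
    // bcrypt output is 60 characters; a VARCHAR(255) column leaves room for other algorithms.
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
}

function is_legacy_sha1(string $stored): bool
{
    return strlen($stored) === 40 && ctype_xdigit($stored);
}

// Returns [bool $ok, ?string $replacement]. When $replacement is not null,
// the caller should write it to the user's row in place of the old value.
function verify_and_upgrade(string $password, string $stored): array
{
    if (is_legacy_sha1($stored)) {
        // Constant-time comparison against the old digest.
        $ok = hash_equals(strtolower($stored), sha1($password));
        return [$ok, $ok ? hash_new_password($password) : null];
    }
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    // Also re-hash when the stored bcrypt hash uses a different cost than the current one.
    $needs = password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
    return [true, $needs ? hash_new_password($password) : null];
}

// Constructed sample data: a legacy row, then the same user after the upgrade.
$legacy = sha1('correct horse battery');
[$ok, $upgraded] = verify_and_upgrade('correct horse battery', $legacy);
var_dump($ok, is_legacy_sha1($upgraded));   // login accepted, new value is no longer SHA-1

[$ok2, $again] = verify_and_upgrade('correct horse battery', $upgraded);
var_dump($ok2, $again);                      // accepted, nothing further to store

[$ok3] = verify_and_upgrade('wrong guess', $upgraded);
var_dump($ok3);                              // rejected
```

Until a user logs in again, their row still holds the fast SHA-1 digest, so accounts that stay dormant remain exposed to offline guessing if the table leaks.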


I would do it this way.

salt = for each user, generate a random seed with a random length

iterations = select a random number

while (iterations != 0) {
    hashed_password = hash_function(password.salt) . salt;
    iterations--
}

In the password field, save them like so:

hashed_password:salt:hash_function:iterations.

And at login, use the new password in combination with salt, hash_function and iterations to hash it and compare the result with the hashed_password.

Of course, you can use multiple hash functions too, like sha_x(md5(salt.password).salt).salt or whatever you want, but make sure that you save it in some way in order to make the comparison at login.


This lib is very good: http://www.openwall.com/phpass/ It uses the crypt method with various algorithms and also has its own based on md5 but with so many iterations and salt that it's "safe".

