PHPDeveloper.org: Kavoir.com: Just Hashing is Far from Enough for Storing Passwords (Dictionary & Rainbow Attacks)

	News Feed
	Jobs Feed

Sections

Tutorials

Books

Events

Talks

Jobs

Recent Jobs

Kevin Schroeder's Blog: How to (properly) evaluate Zend Server - Introduction

Job Posting: Oakley Seeks Web Software Engineer (Foothill Ranch, CA)

Job Posting: Etouches.com Seeks Web Developer (Reading, UK or Ridgefield, CT)

Job Posting: Broadcast Interactive Media Seeks PHP Developer (Madison, WI)

Job Posting: Return Path, Inc. Seeks PHP Web Developer (Broomfield, CO)

Job Posting: HypedSound Seeks Co-Founder/Lead Developer (Virtual, NYC)

Job Posting: deviantART Seeks Web Application Developers (Telecommute)

Job Posting: TheChange.com Seeks Lead Web Developer - PHP (Vancouver, BC)

Job Posting: DunnWell, LLC Seeks OO PHP/Software Developer (Durham, NC)

Kore Nordmann's Blog: Native parallel PHP job queue

News Archive

Gonzalo Ayuso's Blog: Using Monkey Patching to store files in CouchDb using the standard filesystem

Kevin Schroeder's Blog: You want to do WHAT with PHP? Chapter 4

TechTatva.com: [How To] Setup Cherokee with PHP5 FPM

Zend Developer Zone: Zend Framework is a BOSSie Award Winner

ThinkPHP Blog: Contributing to Zend Framework

Developer.com: Getting Started with Memcached Distributed Memory Caching

AjaxRay.com: Extending Zend Form Element to create customized Phone number field

Site News: Blast from the Past - One Year Ago in PHP

Gonzalo Ayuso's Blog: Using CouchDb as filesystem with PHP

Web Builder Zone: The different kinds of testing

Kavoir.com:
Just Hashing is Far from Enough for Storing Passwords (Dictionary & Rainbow Attacks)

by Chris Cornutt March 09, 2010 @ 13:11:01

On Kavoir.com there's a new post that reminds you that hashing isn't enough anymore to protect your users and their passwords. They offer a suggestion or two of what you can do to help lock things down a bit more.

The common practice is to hash the user password and store the hash string of the password in the database. When the user tries to log in and supplies his password, it is used to generate a hash string to be compared to the one stored in the database. [...] This approach may be secure in the 70s of the last century, but barely any more.

Computing has evolved enough to where hashed can be matched, sometimes in less than two or three minutes. Their answer to the problem? Generate a random salt each time you create the hash with a constant being used as a base. A code snippet calling a user-defined function and the sha1 function are included.

0 comments voice your opinion now!
hash password salt dictionary rainbow attack

Similar Posts

ONLamp.com: Points of Attack: PHP and Ajax

php|architect: DRM no more

IBM developerWorks: PHP encryption for the common man

DevShed: Database and Password Security for Web Applications

Developer Tutorials Blog: Hacking Wordpress When You've Forgotten Your Password

Community Events

phpnw10 PHP Conference 09/10/2010

Don't see your event here?
Let us know!

All content copyright, 2010 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework