
Anthony Ferrara:
Seven Ways To Screw Up BCrypt
December 21, 2012 @ 12:20:04

If you're going to be rolling your own user handling in your application, no doubt you've heard that something like bcrypt-ing your passwords is a good idea. Well, Anthony Ferrara has some suggestions for you and shows you seven ways you can "screw up" when trying to implement it.

There are numerous articles on the web about how to properly use bcrypt in PHP. So this time, rather than write yet-another-how-to-use-bcrypt article, I'm going to focus on the mistakes that are commonly made when implementing bcrypt.

Here's the list of seven ways (each has its own description in the post):

  • Using A Non-Random Salt
  • Using An Incorrect Random Source for Salt Generation
  • Using Too Weak Of A Cost Parameter
  • Using The Wrong PHP Version
  • Using The Wrong Prefix
  • Not Checking For Errors
  • Not Using A Library

He also includes two "bonus" things to consider: "Not Using A Timing Safe Comparison" and "Not Encoding The Salt Correctly".
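As an added illustration of the pitfalls listed above (this is example code, not code from Ferrara's post), here is a bcrypt helper written against PHP's `crypt()` that addresses each point: a salt drawn from the operating system CSPRNG rather than `mt_rand()` or `uniqid()`, a cost floor, the corrected `$2y$` prefix, an explicit check on the return value of `crypt()` (which signals failure with a short string such as `*0` instead of throwing), and a constant-time comparison on verification. It assumes PHP 7.0 or later for `random_bytes()` (and PHP 5.6 or later for `hash_equals()`); the function names are the example's own. The last two functions show the "use a library" alternative, the built-in `password_hash()`/`password_verify()` API, which is what to prefer whenever it is available.

```php
<?php
// Added example, not from the original post. Assumes PHP >= 7.0.
// Function names (bcryptHash, bcryptVerify, libraryHash, libraryVerify) are this example's own.

function bcryptHash(string $password, int $cost = 12): string
{
    // Mistakes 1 and 2: the salt must be unpredictable and must come from a
    // cryptographic source. 16 raw bytes give the 128 bits bcrypt expects.
    $raw = random_bytes(16);

    // Bonus 2: bcrypt's salt alphabet is ./A-Za-z0-9, so translate base64's '+'
    // to '.' and keep exactly 22 characters (padding is discarded).
    $salt = substr(strtr(base64_encode($raw), '+', '.'), 0, 22);

    // Mistake 3: a cost below 10 is too cheap on current hardware. bcrypt itself
    // accepts 04..31; the floor here is this example's policy choice.
    if ($cost < 10 || $cost > 31) {
        throw new InvalidArgumentException('bcrypt cost must be between 10 and 31');
    }

    // Mistakes 4 and 5: use the $2y$ prefix (available since PHP 5.3.7), which
    // fixes the high-bit bug in older $2a$ handling. The cost must be two digits.
    $setting = sprintf('$2y$%02d$%s', $cost, $salt);
    $hash = crypt($password, $setting);

    // Mistake 6: crypt() never throws. On an unsupported salt format it returns a
    // short string such as "*0", so verify the 60-character bcrypt result.
    if (!is_string($hash) || strlen($hash) !== 60) {
        throw new RuntimeException('bcrypt hashing failed; check PHP version and salt format');
    }
    return $hash;
}

function bcryptVerify(string $password, string $storedHash): bool
{
    // Passing the stored hash as the setting reuses its prefix, cost and salt.
    $candidate = crypt($password, $storedHash);
    if (!is_string($candidate) || strlen($candidate) !== 60) {
        return false;
    }
    // Bonus 1: constant-time comparison instead of == or ===.
    return hash_equals($storedHash, $candidate);
}

// Mistake 7: prefer the library. password_hash()/password_verify() handle salt
// generation, prefix, error checking and timing-safe comparison for you.
function libraryHash(string $password, int $cost = 12): string
{
    $hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => $cost]);
    if ($hash === false) {
        throw new RuntimeException('password_hash failed');
    }
    return $hash;
}

function libraryVerify(string $password, string $storedHash): bool
{
    return password_verify($password, $storedHash);
}

// Usage with a constructed sample password.
$hash = bcryptHash('correct horse battery staple');
var_dump(substr($hash, 0, 7));                                   // "$2y$12$"
var_dump(bcryptVerify('correct horse battery staple', $hash));   // true
var_dump(bcryptVerify('wrong password', $hash));                 // false
var_dump(libraryVerify('correct horse battery staple', libraryHash('correct horse battery staple'))); // true
```

Storing the full 60-character string returned by `crypt()` is what makes verification work: it already carries the prefix, the cost and the salt, so `bcryptVerify()` needs no separate salt column. If an older PHP build is in play, the length check in `bcryptHash()` is what turns the silent `*0` result into a visible failure rather than a database full of unusable "hashes".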


All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework