
SitePoint PHP Blog:
Risks and Challenges of Password Hashing
March 11, 2014 @ 09:31:45

The SitePoint PHP blog has a new post today about the challenges of password hashing and some of the common risks that can come with it. It's a continuation of a previous article about the actual techniques for hashing in PHP.

The fact that the output of a hash function cannot be reverted back to the input using an efficient algorithm does not mean that it cannot be cracked. Databases containing hashes of common words and short strings are usually within our reach with a simple Google search. Also, common strings can be easily and quickly brute-forced or cracked with a dictionary attack.

The author points to a video demonstrating a method for getting the password data and explaining why salted hashes alone aren't a secure way to store this information. He mentions a "randomness issue" (and PHP's rand function) and instead shows an example that uses openssl_random_pseudo_bytes to pull a chunk of randomized data. He then covers password stretching using the PBKDF2 handling in PHP. Finally, he moves past hashing into encryption, mentioning "password tweaking" as an alternative to generating a single key for every user.
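The salt generation and PBKDF2 stretching mentioned above, shown as an added example (not code from the SitePoint article or from this site). The iteration count, salt length, `$`-delimited record format and function names are assumptions, and `hash_equals` needs PHP 5.6 or later.

```php
<?php
// Added example: per-user random salt plus PBKDF2 stretching.
// All constants and the storage format below are assumptions.
const PBKDF2_ALGO = 'sha256';
const PBKDF2_ITERATIONS = 100000; // assumed work factor; tune to your hardware
const SALT_BYTES = 16;
const KEY_BYTES = 32;

function make_salt($length = SALT_BYTES)
{
    $strong = false;
    $salt = openssl_random_pseudo_bytes($length, $strong);
    // Refuse to continue if OpenSSL could not supply cryptographically strong bytes.
    if ($salt === false || $strong !== true) {
        throw new RuntimeException('No strong random source available');
    }
    return $salt;
}

function hash_password($password)
{
    $salt = make_salt();
    $key = hash_pbkdf2(PBKDF2_ALGO, $password, $salt, PBKDF2_ITERATIONS, KEY_BYTES, true);
    // Keep the parameters next to the hash so the work factor can be raised later.
    return implode('$', [PBKDF2_ALGO, PBKDF2_ITERATIONS, base64_encode($salt), base64_encode($key)]);
}

function verify_password($password, $record)
{
    $parts = explode('$', $record);
    if (count($parts) !== 4 || $parts[0] !== PBKDF2_ALGO || (int) $parts[1] < 1) {
        return false; // malformed record or unexpected algorithm
    }
    $salt = base64_decode($parts[2], true);
    $expected = base64_decode($parts[3], true);
    if ($salt === false || $expected === false || $expected === '') {
        return false;
    }
    // Recompute with the stored salt and iteration count, then compare in constant time.
    $actual = hash_pbkdf2(PBKDF2_ALGO, $password, $salt, (int) $parts[1], strlen($expected), true);
    return hash_equals($expected, $actual);
}

// Constructed sample input.
$record = hash_password('correct horse battery staple');
var_dump(verify_password('correct horse battery staple', $record));
var_dump(verify_password('wrong guess', $record));
```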


Link: http://www.sitepoint.com/risks-challenges-password-hashing/


All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework