Re: Storing passwords

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

• Subject: Re: Storing passwords
• From: Tony Finch <dot@...>
• Date: 2012年5月21日 19:15:27 +0100

---

Philippe Lhoste <PhiLho@GMX.net> wrote:
>
> A hash doesn't allow you to store passwords, it only allows to verify a
> provided password is identical to the expected one. You can't get back a
> password that have been hashed.
> If your goal is only to check passwords, that's OK.
No, don't use a bare hash for storing passwords. Use the standard crypt()
function, or if you want to be even safer use bcrypt or scrypt.
Tony.
-- 
f.anthony.n.finch <dot@dotat.at> http://dotat.at/
Plymouth: Variable 3 or 4. Slight or moderate. Fog patches. Moderate or good,
occasionally very poor.

---

• Follow-Ups:
  • Re: Storing passwords, steve donovan

• References:
  • Storing passwords, Paco Willers
  • Re: Storing passwords, Philippe Lhoste

• Prev by Date: Re: Storing passwords
• Next by Date: Re: Storing passwords
• Previous by thread: Re: Storing passwords
• Next by thread: Re: Storing passwords
• Index(es):
  • Date
  • Thread