squalyl
One more word about ciphered passwords:
- Do not cipher them using a symmetric key (e.g. DES or AES). If the key is found, then all the passwords are revealed.
- Do not simply store SHA or MD5 hashes. There are hash dictionaries on the web. Rainbow tables are also usable to find the password that generated a particular hash.
- Use salting and integrate the username in the hash:
1) Choose a random string A
2) Compute B = SHA256(username:password)
3) Store in the database A and SHA256(A:B)
3bis) As an alternative, store A and SHA256(A:username:password)
This way, the stored hash cannot be used to recover the password.
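The scheme from the post above, written out in Python as an added example (not part of the original post or of any WordPress code). It follows steps 1 to 3 and goes one step beyond the post with a `pbkdf2` variant that runs the same salt and `username:password` input through PBKDF2-HMAC-SHA256, because a single SHA-256 pass is cheap to guess against offline. The function names, the hex encoding of B and the 600,000-round work factor are assumptions.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 600_000  # assumed work factor for the stretched variant


def post_digest(salt: str, username: str, password: str) -> str:
    # Step 2: B = SHA256(username:password), hex-encoded (encoding is an assumption).
    b = hashlib.sha256(f"{username}:{password}".encode()).hexdigest()
    # Step 3: the stored value is SHA256(A:B).
    return hashlib.sha256(f"{salt}:{b}".encode()).hexdigest()


def stretched_digest(salt: str, username: str, password: str) -> str:
    # Same inputs, but through PBKDF2-HMAC-SHA256 so every guess costs many rounds.
    return hashlib.pbkdf2_hmac(
        "sha256", f"{username}:{password}".encode(), salt.encode(), PBKDF2_ROUNDS
    ).hex()


SCHEMES = {"post": post_digest, "pbkdf2": stretched_digest}


def make_record(username: str, password: str, scheme: str = "post") -> dict:
    salt = secrets.token_hex(16)  # step 1: random string A, fresh for every record
    return {
        "username": username,
        "scheme": scheme,
        "salt": salt,
        "hash": SCHEMES[scheme](salt, username, password),
    }


def verify(record: dict, password: str) -> bool:
    digest = SCHEMES[record["scheme"]]
    candidate = digest(record["salt"], record["username"], password)
    # Constant-time comparison avoids leaking how much of the hash matched.
    return hmac.compare_digest(candidate, record["hash"])


if __name__ == "__main__":
    # Constructed sample data: two users who picked the same password.
    alice = make_record("alice", "correct horse")
    bob = make_record("bob", "correct horse")
    print("hashes differ:", alice["hash"] != bob["hash"])
    print("alice verifies:", verify(alice, "correct horse"))
```

Storing the scheme name next to the salt lets records written with the post's construction be verified and re-hashed with the stretched one at the user's next login.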