
password storage in database hash

ez
#34744 June 22, 2012, 19:43

Forget about my old version... I have read more articles, and I was doing it wrong. The salt should be random for every user, so no fixed salts!

This new code uses SHA256 encryption and a 64 character salt... this is super safe.

I have made the salting auto-update... so no difficult migrations: if they log in, the new, improved password is generated.
I also set the minimum password length to 6 (was 4).

LINK to code: security 0623 v3

Again, this is AS IS... And I donate it to the Cotonti community (BEWARE THIS IS FOR GENOA: 0.6.23).

Please test all stuff first... I might have made mistakes! (Logging in and logging out is tested.)
Run the SQL file to update the database first.

Let me know your test results!

If all goes well this should really be in 0.6.24!!! Only an md5 is just NOT safe anymore!
 

==- I say: Keep it EZ -==

This post was edited by ez (on June 22, 2012, 20:31, 11 years ago)
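
The upgrade-on-login flow described in the post above, as an added sketch that is not the code behind the post's link and not Cotonti's own: a legacy MD5 row is verified once, then overwritten with a per-user random 64-character salt and a SHA-256 hash. The array layout, the empty-salt marker for legacy rows, the salt-then-password order and the function names are all assumptions, and it assumes PHP 7 or later for `random_bytes()`.

```php
<?php
// Constructed user table (stands in for the users table): 'alice' still
// has a legacy unsalted MD5 row, marked here by an empty salt (assumption).
$users = [
    'alice' => ['salt' => '', 'hash' => md5('correct horse')],
];

// Scheme named in the post: SHA-256 with a per-user salt.
// The salt . password order is an assumption; the post does not state it.
function new_hash(string $password, string $salt): string
{
    return hash('sha256', $salt . $password);
}

// 32 bytes from the CSPRNG, hex-encoded: a 64-character salt per user.
function new_salt(): string
{
    return bin2hex(random_bytes(32));
}

// Returns true on a correct password and upgrades a legacy row in place.
function login(array &$users, string $name, string $password): bool
{
    if (!isset($users[$name])) {
        return false;
    }
    $row = &$users[$name];
    $legacy = ($row['salt'] === '');
    $candidate = $legacy ? md5($password) : new_hash($password, $row['salt']);

    // Constant-time comparison, so timing does not leak matching prefixes.
    if (!hash_equals($row['hash'], $candidate)) {
        return false;
    }
    if ($legacy) {
        // The plaintext is only available at login, so this is the one
        // moment the old MD5 value can be replaced without a reset.
        $row['salt'] = new_salt();
        $row['hash'] = new_hash($password, $row['salt']);
    }
    return true;
}

var_dump(login($users, 'alice', 'correct horse')); // first login: legacy path, row upgraded
var_dump($users['alice']['salt'] !== '');          // row now carries a salt
var_dump(login($users, 'alice', 'correct horse')); // second login: salted path
var_dump(login($users, 'alice', 'wrong'));         // wrong password
```

Accounts that never log in keep their MD5 hash until they do. On PHP 5.5 and later the same login hook can call `password_hash()` and `password_needs_rehash()` instead of a hand-built salted hash.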