Cotonti / Open Source PHP Content Management FrameworkContent Management Framework

Foren / Cotonti / Development / Genoa improved security

password storage in database hash

ez
#34744 22. Juni 2012, 19:43

Forget about my old version.... I have read more articles, and I was doing it wrong. The salt should be random on every user, so no fixed salts !

This new code uses SHA256 encryption and a 64 character salt... this is super safe.

I have made the salting autoupdate... so no difficult migrations, if they login, the new, improved, password is generated.
I also made the minimum password length to 6  (was 4).

LINK to code: security 0623 v3

Again, this is AS IS... And I donate it to the Cotonti community   (BEWARE THIS IS FOR GENOA: 0.6.23).

Please test all stuff first... I might have made mistakes !  (logging in and logging out is tested)
Run the SQL file to update the database first

Let me know your test results !

If all goes well this should really be in 0.6.24 !!!   only a md5 is just NOT safe anymore !
 

==- I say: Keep it EZ -==

Dieser Beitrag wurde von ez (am 22. Juni 2012, 20:31, vor 9 Jahre) bearbeitet