Forums / Cotonti / Development / Genoa improved security


password storage in database hash

ez
#16 June 23, 2012, 14:51

True, the cfg['salt'] is an extra level of security!

That would be insanely secure... (BUT like you said.... if you lose.. or accidentally modify your cfg SALT.... all passwords are gone)

==- I say: Keep it EZ -==
GHengeveld
#17 June 24, 2012, 12:23

I wouldn't say insanely secure, but on par with competitors. Security is simply a matter of the weakest link. By improving the hashing method, we only improve the security of one specific part. Anyway, with such a system at least the password hashes will be quite secure, even though it mostly depends on the algorithm used to calculate the hashes. While SHA256 is pretty good, there are even better alternatives such as blowfish (bcrypt). Unfortunately not all hosts support blowfish, so it can't be the default. I'd like to see it implemented as a plugin though.


This post was edited by GHengeveld (on June 24, 2012, 16:10, 11 years ago)
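The trade-off discussed in posts #16 and #17, as an added example that is not part of the thread and not Cotonti code: a site-wide `cfg['salt']` keyed into every password, bcrypt where the host supports blowfish, and a SHA-256-based fallback where it does not. Assumptions: PHP 7 or later, the function names are hypothetical, the salt value is constructed, and the fallback uses PBKDF2 over SHA-256 rather than a single SHA-256 pass.

```php
<?php
// Added example, not Cotonti code. The $cfg['salt'] value is constructed
// and all function names here are hypothetical.
$cfg = ['salt' => 'constructed-site-secret'];

// Key the password with the site-wide salt. The base64 output is 44 bytes
// with no NUL bytes, so it stays inside bcrypt's 72-byte input limit.
function site_keyed(string $password, string $siteSalt): string
{
    return base64_encode(hash_hmac('sha256', $password, $siteSalt, true));
}

function hash_password(string $password, string $siteSalt): string
{
    $input = site_keyed($password, $siteSalt);
    if (defined('CRYPT_BLOWFISH') && CRYPT_BLOWFISH === 1) {
        // bcrypt keeps its own per-user salt and cost inside the hash string.
        return password_hash($input, PASSWORD_BCRYPT, ['cost' => 12]);
    }
    // Host without blowfish: per-user random salt, PBKDF2 over SHA-256.
    $iterations = 200000;
    $userSalt = bin2hex(random_bytes(16));
    $digest = hash_pbkdf2('sha256', $input, $userSalt, $iterations, 64);
    return implode('$', ['pbkdf2-sha256', $iterations, $userSalt, $digest]);
}

function verify_password(string $password, string $stored, string $siteSalt): bool
{
    $input = site_keyed($password, $siteSalt);
    $parts = explode('$', $stored);
    if ($parts[0] === 'pbkdf2-sha256' && count($parts) === 4) {
        $digest = hash_pbkdf2('sha256', $input, $parts[2], (int) $parts[1], 64);
        return hash_equals($parts[3], $digest); // constant-time comparison
    }
    return password_verify($input, $stored); // bcrypt hashes start with "$2y$"
}

$stored = hash_password('correct horse', $cfg['salt']);

// Same site salt as at registration time: the password verifies.
var_dump(verify_password('correct horse', $stored, $cfg['salt']));

// Site salt lost or modified: the same password no longer verifies,
// which is the "all passwords are gone" case from post #16.
var_dump(verify_password('correct horse', $stored, 'modified-site-secret'));
```

Because the site-wide salt cannot be recovered from the stored hashes, it needs to be backed up separately from the database.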
