7/25/2023

Netbeans error parsing file reddit

Don't limit what characters users can enter for passwords. If your users want a sentence with supercalifragilisticexpialidocious in it, don't prevent them from using it.
Don't strip or escape HTML and special characters in the password.
Never store your users' passwords in plain text.
Never email a password to your user, except when they have lost theirs and you send a temporary one.
Never, ever log passwords in any manner.
Never hash passwords with SHA1 or MD5, or even SHA256! Modern crackers can exceed 60 and 180 billion hashes/second for SHA1 and MD5 respectively.
Don't combine bcrypt with the raw binary output of hash(); either use hex output or base64_encode() it. (This applies to any input that may contain a rogue \0 byte: bcrypt reads its key as a C string and stops at the first \0, so everything after it is ignored, which can seriously weaken security.)
Use scrypt when you can; bcrypt if you cannot.
Use PBKDF2 with SHA-2 hashes if you cannot use either bcrypt or scrypt.
Reset everyone's passwords when the database is compromised.

The theory of the answer is still a good read, though. Since then, PHP has given us password_hash and password_verify and, since their introduction, they are the recommended password hashing
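The two rules above that most often go wrong in practice are feeding bcrypt the raw binary output of hash() and hand-rolling the PBKDF2 fallback. The following is an added example, not code from the original page, and it is in Python rather than the PHP the page refers to, because the points are language-independent and the page's password_hash()/password_verify() are not shown. bcrypt is not in the Python standard library, so only its key handling (a C string that ends at the first NUL byte) is emulated in bcrypt_key_as_seen(); the candidate passwords pw0, pw1, ... are constructed input; the storage format, the iteration count and all function names are assumptions for this example.

```python
# Added example (not code from the original page). Emulates bcrypt's C-string key
# handling (bcrypt itself is not in the standard library) and shows a salted
# PBKDF2-HMAC-SHA256 fallback with constant-time verification and rehash check.
import base64
import hashlib
import hmac
import os

# Assumption: iteration count chosen for PBKDF2-HMAC-SHA256 in this example.
PBKDF2_ITERATIONS = 600_000


def bcrypt_key_as_seen(key: bytes) -> bytes:
    """Emulate (not real bcrypt) how a C-string key is read: the first NUL byte
    terminates the key, so anything after it is silently ignored."""
    return key.split(b"\x00", 1)[0]


def raw_prehash(pw: str) -> bytes:
    """The unsafe pre-hash: raw binary SHA-256 digest, which may contain NUL bytes."""
    return hashlib.sha256(pw.encode("utf-8")).digest()


def encoded_prehash(pw: str) -> bytes:
    """The safe pre-hash: base64 output never contains a NUL byte."""
    return base64.b64encode(hashlib.sha256(pw.encode("utf-8")).digest())


def find_nul_prefixed(count: int, limit: int = 200_000) -> list:
    """Constructed input: scan candidate passwords pw0, pw1, ... for ones whose raw
    SHA-256 digest starts with a NUL byte. About 1 in 256 candidates qualifies."""
    hits = []
    for i in range(limit):
        pw = f"pw{i}"
        if raw_prehash(pw)[0] == 0:
            hits.append(pw)
            if len(hits) == count:
                break
    return hits


def demo_nul_collision() -> dict:
    """Two different passwords whose raw digests both start with \\0 are seen by a
    C-string key reader as the same (empty) key, so bcrypt(raw_sha256(pw)) would
    accept either one for the other. The base64 pre-hash keeps them distinct."""
    a, b = find_nul_prefixed(2)
    raw_collide = bcrypt_key_as_seen(raw_prehash(a)) == bcrypt_key_as_seen(raw_prehash(b))
    enc_collide = bcrypt_key_as_seen(encoded_prehash(a)) == bcrypt_key_as_seen(encoded_prehash(b))
    return {"passwords": (a, b), "raw_keys_collide": raw_collide, "encoded_keys_collide": enc_collide}


def hash_password(pw: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """PBKDF2-HMAC-SHA256 with a random 16-byte salt. The password is used exactly as
    typed: no character limits, no stripping, no escaping. Storage format (an
    assumption for this example): $pbkdf2-sha256$<iterations>$<salt_b64>$<dk_b64>"""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", pw.encode("utf-8"), salt, iterations, dklen=32)
    return "$pbkdf2-sha256$%d$%s$%s" % (
        iterations,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(dk).decode("ascii"),
    )


def verify_password(pw: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    _, alg, iters, salt_b64, dk_b64 = stored.split("$")
    if alg != "pbkdf2-sha256":
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(dk_b64)
    dk = hashlib.pbkdf2_hmac("sha256", pw.encode("utf-8"), salt, int(iters), dklen=len(expected))
    return hmac.compare_digest(dk, expected)


def needs_rehash(stored: str, iterations: int = PBKDF2_ITERATIONS) -> bool:
    """True when the record was made with fewer iterations than currently required;
    call this after a successful login to upgrade old records in place."""
    return int(stored.split("$")[2]) < iterations


if __name__ == "__main__":
    print(demo_nul_collision())
    pw = "a sentence with supercalifragilisticexpialidocious & <b>HTML</b> in it"
    rec = hash_password(pw)
    print(rec, verify_password(pw, rec), needs_rehash(rec))
```

demo_nul_collision() is the reason the page tells you to hex- or base64-encode before bcrypt: roughly one password in 256 has a pre-hash starting with \0, and under a C-string key reader every one of those reduces to the empty key, so they all verify against each other's stored hash. The PBKDF2 part keeps the salt and iteration count beside the derived key so that needs_rehash() can raise the work factor later without a forced reset, and the password itself is never logged, printed or transformed on its way in.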