gobb Switch password hashing over to bcrypt

Switch password hashing over to bcrypt

Open stevenleeg opened this issue 10 years ago • 3 comments

Feb 19 '14 15:02 stevenleeg

Or even better: use scrypt

Feb 19 '14 20:02 matrixik

@matrixik what makes scrypt better?

Feb 20 '14 02:02 stevenleeg

I will leave this for better than me: http://www.reddit.com/r/PHP/comments/1c210u/opinions_on_password_safetybcryptscryptpbkdf2/c9d8pi5 https://github.com/freedomofpress/securedrop/issues/51 http://security.stackexchange.com/a/49198

As a bonus: https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet

Feb 20 '14 20:02 matrixik

gobb gobb copied to clipboard

Switch password hashing over to bcrypt

gobb
gobb copied to clipboard