[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: Storing passwords
- From: Tony Finch <dot@...>
- Date: Mon, 21 May 2012 19:15:27 +0100
Philippe Lhoste <PhiLho@GMX.net> wrote:
> A hash doesn't allow you to store passwords, it only allows to verify a
> provided password is identical to the expected one. You can't get back a
> password that have been hashed.
> If your goal is only to check passwords, that's OK.
No, don't use a bare hash for storing passwords. Use the standard crypt()
function, or if you want to be even safer use bcrypt or scrypt.
f.anthony.n.finch <firstname.lastname@example.org> http://dotat.at/
Plymouth: Variable 3 or 4. Slight or moderate. Fog patches. Moderate or good,
occasionally very poor.