Re: Storing passwords

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Storing passwords
From: Tony Finch <dot@...>
Date: Mon, 21 May 2012 19:15:27 +0100

Philippe Lhoste <PhiLho@GMX.net> wrote:
>
> A hash doesn't allow you to store passwords, it only allows to verify a
> provided password is identical to the expected one. You can't get back a
> password that have been hashed.
> If your goal is only to check passwords, that's OK.

No, don't use a bare hash for storing passwords. Use the standard crypt()
function, or if you want to be even safer use bcrypt or scrypt.

Tony.
-- 
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/
Plymouth: Variable 3 or 4. Slight or moderate. Fog patches. Moderate or good,
occasionally very poor.

Follow-Ups:
- Re: Storing passwords, steve donovan

References:
- Storing passwords, Paco Willers
- Re: Storing passwords, Philippe Lhoste

Prev by Date: Re: Storing passwords
Next by Date: Re: Storing passwords
Previous by thread: Re: Storing passwords
Next by thread: Re: Storing passwords
Index(es):
- Date
- Thread