On 28.07.2011 12:53, Alex Nikitin wrote:
Just as a word of caution to everyone on this list, mcrypt version of
blowfish (which is implemented by PHP) (in Linux) has an 8-bit bug in it, and
thus should not be used for hashing passwords even as backup. Basically if
you use a character such as say a British pound in your password, blowfish
wi
On 28.07.2011 11:13, John Black wrote:
This approach makes it impractical to brute-force the hash because every
single test will have to run md5() 3000 times before it can validate a
single hash.
--
John
I am sorry, I made a mistake here, 3000 times is not enough for this.
The actual code for th
I would like to add some info about storing the password hash in the
database.
I recently tested how quickly one can brute force a simple md5('foo')
hash with a modern GPU. The results have been truly eye-opening.
I have been able to break hundreds of hashes with my ATI 6870 in a
couple of
wil prim wrote:
>Ok so I have the md5() taken care of and now I have also attempted to
>create a login form plus a check login form that will try and match the
>hashed value of the input with a field in the database and if
>successful it will echo 'You are now logged in' or else it will echo
>
http://www.php.net/manual/en/security.database.sql-injection.php
http://www.php.net/manual/en/security.database.storage.php
On Wed, 2011-07-27 at 14:01 -0700, wil prim wrote:
> Hello, I am just starting out with PHP and I have just created a database
> named "Members" with a table named "Persons". There are 5 fields
> (id,firstname, lastname, username, password) . The form I created is a sign
> up form and the value