Do’s and don’ts: secure hash and salt for PHP passwords

WebTUTs 2.0

Today I am going to show you how to secure your users’ passwords in PHP.


Don’ts: –

– Don’t limit what characters users can enter for passwords. Only idiots do this.
– Don’t limit the length of a password. If your users want a sentence with supercalifragilisticexpialidocious in it, don’t prevent them from using it.
– Never store your user’s password in plain-text.
– Never email a password to your user *except when they have lost theirs and you are sending a temporary one.*
– Never, ever log passwords in any manner.
– Never hash passwords with SHA1 or MD5! Modern crackers can exceed 60 and 180 billion hashes/second (respectively).

Do’s: –

– Use scrypt when you can; bcrypt if you cannot.
– Use PBKDF2 if you cannot use either bcrypt or scrypt, with SHA2 hashes.
– Reset everyone’s passwords when the database is compromised.
– Implement a reasonable 8-10…
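
One way to follow the bcrypt and PBKDF2 recommendations above using only PHP's built-in functions, as an added example that is not part of the original post. The function names, the work factors and the PBKDF2 storage layout are assumptions made for illustration.

```php
<?php
// Assumed work factors (not from the post); tune them to your own hardware.
const BCRYPT_COST = 12;
const PBKDF2_ITERATIONS = 600000;

// bcrypt: password_hash() creates a random salt and stores it, with the cost, in the hash.
function hash_password(string $password): string
{
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
}

// Returns [valid, replacementHash]; replacementHash is non-null when the stored
// hash was made with an older cost and should be overwritten after this login.
function check_password(string $password, string $stored): array
{
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    $stale = password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
    return [true, $stale ? hash_password($password) : null];
}

// PBKDF2-HMAC-SHA256 fallback. The "algo$iterations$salt$key" layout is a
// hypothetical storage format chosen for this example.
function pbkdf2_hash(string $password): string
{
    $salt = random_bytes(16); // unique per password, from the CSPRNG
    $key = hash_pbkdf2('sha256', $password, $salt, PBKDF2_ITERATIONS, 32, true);
    return implode('$', ['pbkdf2-sha256', PBKDF2_ITERATIONS, base64_encode($salt), base64_encode($key)]);
}

function pbkdf2_verify(string $password, string $stored): bool
{
    $parts = explode('$', $stored);
    if (count($parts) !== 4 || $parts[0] !== 'pbkdf2-sha256') {
        return false;
    }
    $salt = base64_decode($parts[2], true);
    $key = base64_decode($parts[3], true);
    if ((int) $parts[1] < 1 || $salt === false || $key === false || strlen($key) !== 32) {
        return false;
    }
    // Recompute with the stored salt and iteration count; hash_equals() is constant-time.
    return hash_equals($key, hash_pbkdf2('sha256', $password, $salt, (int) $parts[1], 32, true));
}

// Constructed sample input: both checks should succeed for the same passphrase.
$password = 'a sentence with supercalifragilisticexpialidocious in it';
var_dump(check_password($password, hash_password($password))[0]);
var_dump(pbkdf2_verify($password, pbkdf2_hash($password)));
```

bcrypt only reads the first 72 bytes of its input, so very long passphrases are accepted but bytes past that point do not affect the hash.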


