Kommentare zu: PHP: Everything you need to know about secure password hashing http://juliusbeckmann.de/blog/php-everything-you-need-to-know-about-secure-password-hashing.html Ich bin nicht verrückt, nur technisch begabt ... Fri, 26 Sep 2014 12:04:55 -0400 http://wordpress.org/?v=2.8.2 hourly 1 Von: Jani Hartikainen http://juliusbeckmann.de/blog/php-everything-you-need-to-know-about-secure-password-hashing.html/comment-page-1#comment-856 Jani Hartikainen Sun, 10 Apr 2011 19:55:51 +0000 http://juliusbeckmann.de/blog/?p=414#comment-856 Very good advice here. I'd just like to mention one thing. You talk about how modern GPUs can calculate md5 hashes very fast. This is why you should use something else than md5 or sha1 - they are both designed to be fast. If you can, you could consider using blowfish instead, which is a much slower algorithm. It isn't slow enough to take too long when you just want to hash a user's new password or anything like that though, so it's usable in that regard. You can use Blowfish in PHP via PEAR Crypt_Blowfish or using the builtin crypt() function (altho not entirely sure if it has support for blowfish pre 5.3) Very good advice here. I'd just like to mention one thing.

You talk about how modern GPUs can calculate md5 hashes very fast. This is why you should use something else than md5 or sha1 - they are both designed to be fast.

If you can, you could consider using blowfish instead, which is a much slower algorithm. It isn't slow enough to take too long when you just want to hash a user's new password or anything like that though, so it's usable in that regard.

You can use Blowfish in PHP via PEAR Crypt_Blowfish or using the builtin crypt() function (altho not entirely sure if it has support for blowfish pre 5.3)

]]>