Hello, recently I wanted to make my web application's passwords more
secure, so I went online to read more about password security. I
discovered that the md5 function, which most developers still use for
securing their passwords, is outdated due to the more efficient GPU
machines out there that can crack md5() within seconds.
So in my research process, I stumbled on an article that gave me more
insight as to why md5 is old-fashioned and bcrypt is better. I will be
writing on bcrypt soon.
Today's topic is the major challenge developers face with phpass (a password framework that uses bcrypt).
After creating my hashed password, I inserted it into the database column.
Then I wanted to log in to the web application, and couldn't log in because the
checkPassword($loginpassword,$storedPassword) method returned false.
As a matter of fact, it took me until the second day to figure out the
cause of this issue, after searching the internet for a solution, which I
couldn't find.
The problem was caused by the character length of the hashed password,
which was 61 rather than 60 characters. So I did the password hashing
over and over again to ensure that the hashed password was 60
characters, then inserted it into my database table column, deleting the
previous one there.
This time I was able to log in and out as I wished.
So, what I am simply saying is that the hashed password should be 60 characters, not less or more.
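
The 60-versus-61-character failure described above can be caught before it turns into a failed login. This is an added example, not code from the original post: it uses PHP's built-in password_hash() and password_verify() in place of phpass so that it runs on its own, and the helper names and sample password are hypothetical. It shows that a stored hash with one extra character fails verification even with the right password, and how a format check reports the damaged value instead.

```php
<?php
// Added example, not the post's code. Uses PHP's built-in password_hash() /
// password_verify() instead of phpass (assumption) so it runs on its own.

// bcrypt output: "$2a$"/"$2y$" prefix, 2-digit cost, "$", then 53 chars
// of salt + digest = 60 characters total. /D stops "$" matching before "\n".
const BCRYPT_PATTERN = '/^\$2[abxy]\$\d{2}\$[.\/A-Za-z0-9]{53}$/D';

// Hypothetical helper: true only for a clean 60-character bcrypt string.
function isWellFormedBcrypt(string $hash): bool
{
    return strlen($hash) === 60 && preg_match(BCRYPT_PATTERN, $hash) === 1;
}

// Hypothetical helper: hash a password and refuse to return anything
// that is not a clean 60-character hash.
function hashForStorage(string $password): string
{
    $hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
    if (!isWellFormedBcrypt($hash)) {
        throw new RuntimeException('Unexpected hash format; not storing it');
    }
    return $hash;
}

// Hypothetical helper: check the stored value before verifying, so a damaged
// row is reported as such instead of looking like a wrong password.
function checkLogin(string $password, string $stored): string
{
    if (!isWellFormedBcrypt($stored)) {
        return sprintf('stored hash malformed (length %d)', strlen($stored));
    }
    return password_verify($password, $stored) ? 'login ok' : 'wrong password';
}

$password = 'correct horse battery staple';   // constructed sample
$good = hashForStorage($password);
$bad  = $good . "\n";                          // constructed: one stray character

foreach (['clean' => $good, 'one extra char' => $bad] as $label => $stored) {
    printf("%-15s length=%d raw verify=%s -> %s\n",
        $label, strlen($stored),
        var_export(password_verify($password, $stored), true),
        checkLogin($password, $stored));
}
```
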
Thank you for reading.
Follow me on twitter: http://www.twitter.com/_josiah_king