发表新帖
发表新帖

How do you securely store a user's password and salt in MySQL?

前端 未结
关注
8 1634
走了就别回头了
走了就别回头了 2020-12-08 08:44

So, I found out on SO that you\'re supposed to hash the password together with a \"salt\". (The articles can be found here and here.)

Here\'s the code:
8条回答
  • 情话喂你
    情话喂你 (楼主)
    2020-12-08 08:56

    I know this is old, but for anyone that manages to stumble on this post...

    What you are really trying to do HMAC. Trying to do that yourself creates issues. You can partially compute hashes, which reduces the amount of effort required to guess at a password, for instance. HMAC addresses those kinds of concerns.

    Better still is scrypt or bcrypt. HMAC still often uses hash algorithms that are designed to be quick and easy to compute; there is even hardware implementations of many of the hash algorithms. bcrypt is computationally expensive and scrypt is memory intensive. Both make things harder for an attacker, but scrypt in particular makes it really hard to build hardware devices to crack a password.

    I really like the chart over here: https://github.com/pbhogan/scrypt#why-you-should-use-scrypt

    0 讨论(0)
 看不清?
提交回复
热议问题