password-hash

So I need to generate a Sha256 password in Objective-C, and can't figure out for the life of me how to do it! Is there something easy I'm just missing? I've tried implementing the following method (which was written for iPhone, but I figured maybe it'd work cross-platform, as some Objective-C code does) -(NSString*)sha256HashFor:(NSString*)input { const char* str = [input UTF8String]; unsigned char result[CC_SHA256_DIGEST_LENGTH]; CC_SHA256(str, strlen(str), result); NSMutableString *ret = [NSMutableString stringWithCapacity:CC_SHA256_DIGEST_LENGTH*2]; for(int i = 0; i<CC_SHA256_DIGEST_LENGTH;

I recently read an article about password hashing . How are MD5 or SHA1 hashes are created such that it can't be decrypted?? What I think is, it must be encypting string by certain FORMULA (it always gives same hash for the same string; so there must be no randomization) and thats why we should be able to decrypt that by the same FORMULA?? Or people don't know the forumla? MD5 and SHA1 are not encryption algorithms. They are hashing algorithms. It is a one way formula. Running MD5 or SHA1 on a particular string gives a hash that is always the same. It isn't possible to reverse the function to

I've been asked to implement some changes/updates to an intranet-site; make it 'future proof' as they call it. We found that the passwords are hashed using the MD5 algorithm. (the system has been around since 2001 so it was adequate at time). We would now like to upgrade the hashing-algorithm to a stronger one (BCrypt-hash or SHA-256). We obviously do not know the plaintext-passwords and creating a new password for the userbase is not an option *) . So, my question is: What is the accepted way to change hashing-algorithm without having access to the plaintext passwords? The best solution would

I am currently using the following for hashing passwords: var pass_shasum = crypto.createHash('sha256').update(req.body.password).digest('hex'); Could you please suggest improvements to make the project safer? balazs I use the follwing code to salt and hash passwords. var bcrypt = require('bcrypt'); exports.cryptPassword = function(password, callback) { bcrypt.genSalt(10, function(err, salt) { if (err) return callback(err); bcrypt.hash(password, salt, function(err, hash) { return callback(err, hash); }); }); }; exports.comparePassword = function(plainPass, hashword, callback) { bcrypt.compare

I am trying to use password hashing using phpmysql. The issue is password_verify does not seem to work for me so far. Say, my password during registration is '123456789'. I stored it in database using password_hash('123456789', PASSWORD_BCRYPT, array('cost' => 12)); And then when I enter '123456789' in the login field, it does nothing, fails. Here is my code: <?php session_start(); include('db.php'); ?> <!DOCTYPE html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta name="viewport" content="width=device-width,initial-scale=1" /> <link rel="stylesheet" type=

I am trying to understand password_hash fully in order to be able to explain it for an auditor. Based on my searching for an answer, I understand that the password_hash() function is a wrapper for crypt() . While reading the PHP manual for predefined Constants I see that it uses PASSWORD_BCRYPT as the default integer value (basically it uses the CRYPT_BLOWFISH algorithm to hash a password). What's confusing me is that the $options variable, if omitted, generates a random salt and the cost will be set to 10 . If I supply a higher cost (for example: 12 ), will it still generate a random salt