password-hash

I saw some guy who encrypt users password multiple times with MD5 to improve security. I'm not sure if this works but it doesn't look good. So, does it make sense? Let's assume the hash function you use would be a perfect one-way function. Then you can view its output like that of a "random oracle" , its output values are in a finite range of values (2^128 for MD5). Now what happens if you apply the hash multiple times? The output will still stay in the same range (2^128). It's like you saying "Guess my random number!" twenty times, each time thinking of a new number - that doesn't make it

I'm looking to allow bcrypt support in my authentication library. One of the problems right now is that I assume that the hasher will be of type HashAlgorithm . Bcrypt.net does not implement this class. Also, it's sealed so I would have to make my own branch off of it and modify it myself. Are there any better alternatives that already implement HashAlgorithm? Try this: public class BCryptHasher : HashAlgorithm { private MemoryStream passwordStream = null; protected override void HashCore(byte[] array, int ibStart, int cbSize) { if (passwordStream == null || Salt == null) Initialize();

I'm wondering if this function (which is in part taken from a ~2 year old phpBB version), is good enough. If not, why? And how would you change it (making the transition seamless for existing users) ? The result of hash_pwd() is what will be saved in a DB. function hash_pwd($password) { $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; $random_state = $this->unique_id(); $random = ''; $count = 6; if (($fh = @fopen('/dev/urandom', 'rb'))) { $random = fread($fh, $count); fclose($fh); } if (strlen($random) < $count) { $random = ''; for ($i = 0; $i < $count; $i += 16) {

As many will know, one-way encryption is a handy way to encrypt user passwords in databases. That way, even the administrator of the database cannot know a user's password, but will have to take a password guess, encrypt that with the same algorithm and then compare the result with the encrypted password in the database. This means that the process of figuring out the password requires massive amounts of guesses and a lot of processing power. Seeing that computers just keep getting faster and that mathematicians are still developing these algorithms, I'm wondering which one is the most secure

I am using Code Igniter for my current project. As of now, I am using MD5 for password hashing, but I have read at a lot of places, that it is not a good practice to do so. What should I go with? Using a salt Or should I use bcrypt Also, if bcrypt is recommended, then how to use it with Code Igniter? EDIT I have put these files in application/libraries PasswordHash.php c/Makefile c/crypt_private.c In my controller, I am using this code - $params = array( 'phpass_hash_strength' => 8, 'phpass_hash_portable' => FALSE ); $this->load->library('PasswordHash', $params); $password = $this-

I'm trying to create a custom registration component for Joomla, and I was wondering if anyone knew how to create the correct password encryption for joomla? Joomla passwords look like this : fbae378704687625a410223a61c66eb1:VM6DwmVWHTwpquDq51ZXjWWADCIc93MR Which I believe are md5 (or something) and one way encryption? Am just looking for a php code of sorts to create that same encryption. Cheers From joomla Forum, that's what happen behind: Generate a password Generate 32 random characters Concatenate 1 and 2 md5(3) store 4:2 Example: Generate a password - we'll use 'password' Generate 32