[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Storing passwords
- From: Tony Finch <dot@...>
- Date: Mon, 21 May 2012 19:15:27 +0100
Philippe Lhoste <[email protected]> wrote:
>
> A hash doesn't allow you to store passwords, it only allows to verify a
> provided password is identical to the expected one. You can't get back a
> password that have been hashed.
> If your goal is only to check passwords, that's OK.
No, don't use a bare hash for storing passwords. Use the standard crypt()
function, or if you want to be even safer use bcrypt or scrypt.
Tony.
--
f.anthony.n.finch <[email protected]> http://dotat.at/
Plymouth: Variable 3 or 4. Slight or moderate. Fog patches. Moderate or good,
occasionally very poor.
