Am I supposed to store hashes for passwords?

Posted by Doug on Stack Overflow See other posts from Stack Overflow or by Doug
Published on 2010-06-14T14:39:41Z Indexed on 2010/06/14 14:42 UTC
Read the original article Hit count: 166

Filed under:

php5

|

encryption

|

password

User System and Passwords: I was looking through MD5 stuff, and I am wondering what is the normal/good practice for passwords. Right now, I think people super encrypt the passwords and store the hashes. If so, how does password checking work? I just have the input password go through the encryption process again and then check the hash with the stored one, correct?

This question may contradict the above, but should my salt ever be a randomly generated value?

© Stack Overflow or respective owner

Related posts about php5

Update php 5.2.0 to 5.2.4 with aptitude

as seen on Server Fault - Search for 'Server Fault'
Hi guy, I would like to update my php 5 in my server. At this moment, I use php 5.2.0 so I want to update it to php 5.2.4 (not php 5.3). I tried to do this: aptitude update aptitude upgrade 63 packets were updated but not php which is always in 5.0 How can I update my php please ? Here is the… >>> More
Failed upgrade of PHP on Ubunutu 12.04, error: Sub-process /usr/bin/dpkg returned an error code (1)

as seen on Server Fault - Search for 'Server Fault'
I just tried to upgrade my version of PHP on Ubuntu 12.04 and now I have messed it up. First I did this: sudo add-apt-repository ppa:ondrej/php5-oldstable Then I did this: sudo apt-get update Then finally I did this: sudo apt-get install php5 And now I am getting an error message about Sub-process… >>> More
Adding a CLI for PHP5 on live server

as seen on Server Fault - Search for 'Server Fault'
I want to add command-line support for PHP5 on my server. When I run aptitude install php5-cli I get a message saying that my PHP modules/packages have unmet dependencies. Here is a list of packages that suffer from these "unmet dependencies" and needs and upgrade: php5-gd php5-curl php5-mysql php5-cgi They… >>> More
Update packages on very old ubuntu

as seen on Server Fault - Search for 'Server Fault'
I want to add Mysqli support to a machine running: Server Version: Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu6.3 I would rather not update more things then I need to. I run the following: sudo apt-get install php5-mysql However, as the ubuntu version is old I get the following. WARNING: The following… >>> More
Downgrade form php5 5.3.10 to php5 5.3.2 in ubuntu 12.04

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
i wanted to install php5 5.3.2, so first deleted all the php5 files sudo apt-get purge php5 php5-cli php5-common php5-mysql and also delete the deb files form /var/cache/apt/archives so now there is no deb file on the system then i add this person repository sudo apt-add-repository ppa:sushkov/personal because… >>> More

Related posts about encryption

SQL SERVER – History of SQL Server Database Encryption

as seen on SQL Authority - Search for 'SQL Authority'
I recently met Michael Coles and Rodeney Landrum the author of one of the kind book Expert SQL Server 2008 Encryption at SQLPASS in Seattle. During the conversation we ended up how Microsoft is evolving encryption technology. The same discussion lead to talking about history of encryption tools in… >>> More
Encryption is hard: AES encryption to Hex

as seen on Stack Overflow - Search for 'Stack Overflow'
So, I've got an app at work that encrypts a string using ColdFusion. ColdFusion's bulit-in encryption helpers make it pretty simple: encrypt('string_to_encrypt','key','AES','HEX') What I'm trying to do is use Ruby to create the same encrypted string as this ColdFusion script is creating. Unfortunately… >>> More
Confused about encryption with public and private keys (which to use for encryption)

as seen on Stack Overflow - Search for 'Stack Overflow'
I am making a licensing system when clients ask my server for a license and I send them a license if they are permitted to have one. On my current system I encrypt the license using a single private key and have the public key embedded into the client application that they use to decrypt the license… >>> More
Encryption Product Keys : Public and Private key encryption

as seen on Stack Overflow - Search for 'Stack Overflow'
I need to generate and validate product keys and have been thinking about using a public/private key system. I generate our product keys based on a client name (which could be a variable length string) a 6 digit serial number. It would be good if the product key would be of a manageable length… >>> More
Software tools to automatically decrypt a file, whose encryption algorithm (and/or encryption keys)

as seen on Stack Overflow - Search for 'Stack Overflow'
I have an idea for encryption that I could program fairly easily to encrypt some local text file. Given that my approach is novel, and does not use any of the industry standard encryption techniques, would I be able to test the strength of my encryption using 'cracker' apps or suchlike? Or do all… >>> More