Comments on: How to encrypt user info with php http://www.upgradetheweb.com/2008/06/16/how-to-encrypt-user-info-with-php/ Tutorials and tips for improving your website Mon, 15 Mar 2010 22:47:28 +0000 http://wordpress.org/?v=2.7 hourly 1 By: Master Of Disaster http://www.upgradetheweb.com/2008/06/16/how-to-encrypt-user-info-with-php/comment-page-1/#comment-997 Master Of Disaster Wed, 01 Apr 2009 21:07:22 +0000 http://www.upgradetheweb.com/2008/06/16/how-to-encrypt-user-info-with-php/#comment-997 Great Tut! when are you guys gonna add more tutorials to this site? Great Tut!

when are you guys gonna add more tutorials to this site?

]]> By: Rekkx http://www.upgradetheweb.com/2008/06/16/how-to-encrypt-user-info-with-php/comment-page-1/#comment-510 Rekkx Wed, 04 Feb 2009 15:22:05 +0000 http://www.upgradetheweb.com/2008/06/16/how-to-encrypt-user-info-with-php/#comment-510 Another issue you may want to consider is the effectiveness of MD5 as a hash function. It's recently been proven that MD5 can have 'collisions' and as such, should not be used to hash sensitive data. It's a small, but significant security threat. I recommend using the tried and tested SHA-1 hash which is far, far less likely to have any collisions. It's been proved mathematically that SHA-1 can have collisions but as yet, no viable way of finding them has been publicly issued. Another issue you may want to consider is the effectiveness of MD5 as a hash function.

It’s recently been proven that MD5 can have ‘collisions’ and as such, should not be used to hash sensitive data. It’s a small, but significant security threat.

I recommend using the tried and tested SHA-1 hash which is far, far less likely to have any collisions. It’s been proved mathematically that SHA-1 can have collisions but as yet, no viable way of finding them has been publicly issued.

]]> By: Unreal Media http://www.upgradetheweb.com/2008/06/16/how-to-encrypt-user-info-with-php/comment-page-1/#comment-215 Unreal Media Wed, 12 Nov 2008 15:14:10 +0000 http://www.upgradetheweb.com/2008/06/16/how-to-encrypt-user-info-with-php/#comment-215 Nice tutorial, ill give it a go. Nice tutorial, ill give it a go.

]]> By: CristianDeluxe http://www.upgradetheweb.com/2008/06/16/how-to-encrypt-user-info-with-php/comment-page-1/#comment-210 CristianDeluxe Wed, 13 Aug 2008 16:29:38 +0000 http://www.upgradetheweb.com/2008/06/16/how-to-encrypt-user-info-with-php/#comment-210 Sorry for my bad English. Good post. Greetings from Spain. #3 If you need to change the nick you can regenerate the hash and save it again to database it's easy!. Other option is have a string saved in your "settings.php" file and use it for generate the hash. Sorry for my bad English.

Good post. Greetings from Spain.

#3 If you need to change the nick you can regenerate the hash and save it again to database it’s easy!.

Other option is have a string saved in your “settings.php” file and use it for generate the hash.

]]> By: Vahur http://www.upgradetheweb.com/2008/06/16/how-to-encrypt-user-info-with-php/comment-page-1/#comment-206 Vahur Tue, 29 Jul 2008 19:32:14 +0000 http://www.upgradetheweb.com/2008/06/16/how-to-encrypt-user-info-with-php/#comment-206 Salt is a good idea, but i also would not use username for it. Salt is a good idea, but i also would not use username for it.

]]> By: vishlal parmar http://www.upgradetheweb.com/2008/06/16/how-to-encrypt-user-info-with-php/comment-page-1/#comment-204 vishlal parmar Tue, 22 Jul 2008 07:59:46 +0000 http://www.upgradetheweb.com/2008/06/16/how-to-encrypt-user-info-with-php/#comment-204 a good tutorial for the novice learner like me a good tutorial for the novice learner like me

]]> By: Weekend Link Roundup: Week 14 http://www.upgradetheweb.com/2008/06/16/how-to-encrypt-user-info-with-php/comment-page-1/#comment-202 Weekend Link Roundup: Week 14 Sat, 05 Jul 2008 14:02:26 +0000 http://www.upgradetheweb.com/2008/06/16/how-to-encrypt-user-info-with-php/#comment-202 [...] How to encrypt user info with php - Something I didn’t think about when I wrote my article about hashing stored passworrds was adding the username of the hash. This along with salt creates a stronger hash. [...] [...] How to encrypt user info with php - Something I didn’t think about when I wrote my article about hashing stored passworrds was adding the username of the hash. This along with salt creates a stronger hash. [...]

]]> By: Weekend Link Roundup: Week 13 http://www.upgradetheweb.com/2008/06/16/how-to-encrypt-user-info-with-php/comment-page-1/#comment-200 Weekend Link Roundup: Week 13 Fri, 04 Jul 2008 04:50:55 +0000 http://www.upgradetheweb.com/2008/06/16/how-to-encrypt-user-info-with-php/#comment-200 [...] How to encrypt user info with php - Something I didn’t think about when I wrote my article about hashing stored passworrds was adding the username of the hash. This along with salt creates a stronger hash. SHARETHIS.addEntry({ title: "Weekend Link Roundup: Week 13", url: "http://www.marksanborn.net/links/weekend-link-roundup-week-13/" }); What next? [...] [...] How to encrypt user info with php - Something I didn’t think about when I wrote my article about hashing stored passworrds was adding the username of the hash. This along with salt creates a stronger hash. SHARETHIS.addEntry({ title: “Weekend Link Roundup: Week 13″, url: “http://www.marksanborn.net/links/weekend-link-roundup-week-13/” }); What next? [...]

]]> By: Mark http://www.upgradetheweb.com/2008/06/16/how-to-encrypt-user-info-with-php/comment-page-1/#comment-199 Mark Fri, 04 Jul 2008 04:47:45 +0000 http://www.upgradetheweb.com/2008/06/16/how-to-encrypt-user-info-with-php/#comment-199 For added security you should add salt anyways. :) For added security you should add salt anyways. :)

]]> By: Scott http://www.upgradetheweb.com/2008/06/16/how-to-encrypt-user-info-with-php/comment-page-1/#comment-198 Scott Fri, 04 Jul 2008 03:33:39 +0000 http://www.upgradetheweb.com/2008/06/16/how-to-encrypt-user-info-with-php/#comment-198 Or you just reset their password when they change their username too. Odds are your script is going to update username and password at the same time anyways. Also, any reason why you chose crypt and md5 together? Just curious Or you just reset their password when they change their username too. Odds are your script is going to update username and password at the same time anyways.

Also, any reason why you chose crypt and md5 together? Just curious

]]>