Changes for #214

Description changed by Smartys (2010-12-14 01:55:38)

 1:  1:
 [url]http://codahale.com/how-to-safely-store-a-password/[/url] [url]http://codahale.com/how-to-safely-store-a-password/[/url]
  
 Take-aways: Take-aways:
 A. We should be using per-user salts. A. We should be using per-user salts.
 B. We should be using a function like bcrypt (in PHP, that's crypt using CRYPT_BLOWFISH). B. We should be using a function like bcrypt (in PHP, that's crypt using CRYPT_BLOWFISH).
  
-Switching to this solution would cause a slight performance hit on pages where password hashing is necessary (although the exact cost is configurable) but would also make it infeasible to brute force passwords for FluxBB (for more exact numbers, check out the page I linked to at the top).+Switching to this solution would cause a slight performance hit on pages where password hashing is necessary (although the exact cost is configurable) but would also make it infeasible to brute force passwords on a large scale for FluxBB (for more exact numbers, check out the page I linked to at the top).
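
Review bot: the revised last sentence says the exact cost is configurable but the description still names no default cost and does not say how passwords already stored under the current scheme would move to crypt with CRYPT_BLOWFISH. Per-user salts (take-away A) and a new hash function (take-away B) both change the stored value, so the ticket should state the intended cost setting and whether existing hashes are upgraded when a user next logs in successfully. The added qualifier "on a large scale" would also read more clearly placed after "FluxBB", for example "infeasible to brute force FluxBB passwords on a large scale".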