abcphp.com

Discover the best of PHP

Security »

2

Vote

Just Hashing is Far from Enough – How to Position against Dictionary and Rainbow Table Attacks

It goes without saying that sensitive information such as passwords or pass phrases should never be stored in plain text in the database in the first place. The common practice is to hash the user password and store the hash string of the password in the database. When the user tries to log in and supplies his password, it is used to generate a hash string to be compared to the one stored in the database. If they are identical, the password is the same because the chance of 2 distinct strings having the same hash string is so low that it’s mathematically impossible.

Posted by girish.r 1176 days ago (http://www.kavoir.com)
Discuss | | Bury | Tweet This | Tagged: hashing dictionary rainbow Add To

Read the full article

Who Voted for this Story

Recently Published

8 votes | Final Part - Customizing AWS Elastic Beanstalk
6 votes | very simple code for hide and show in css3
4 votes | Websockets with php – tutorial on basics
12 votes | Herzult/SimplePHPEasyPlus · GitHub
13 votes | LiveRebel 2.6 Sneak Peek: Automated Deployments Go Polyglot

Most Comments

7 comments | OpenCart CSRF Vulnerability « Ben Maynard's blog
2 comments | XMLHttpRequest and AJAX for PHP programmers
2 comments | Run PHP on the Google App Engine
2 comments | Speeding up your PHP scripts
1 comments | 5 Tools Every PHP Developer Should Master | Postcards From My Life

Most Votes

24 votes | CONFIRMED: Facebook Gets Faster, Debuts Homegrown PHP Compiler
21 votes | How To: Installing LAMP On Ubuntu For Newbies
21 votes | MINIMIZE HTTP REQUESTS – BEST PRACTICE
20 votes | php|tek 2009
20 votes | PHP 5.2.9 Released!