[UPHPU] storing passwords
Jon Jensen
jon at jenseng.com
Tue Apr 29 12:41:06 MDT 2008
On a semi-related note, I recommend storing the password hash as raw
binary data in the db instead of a hex string ... it'll take up half as
much space that way.
Jon
Scott Hill wrote:
> On Tue, Apr 29, 2008 at 10:10 AM, Wade Preston Shearer <
> lists at wadeshearer.com> wrote:
>
>> I have recently written a users class that will manage user accounts for
>> our various web applications and would like some feedback on how I was
>> generating, storing, and validating user passwords.
>>
>> http://rafb.net/p/jW0XR647.html
>>
>>
>>
> I pity the poor sucker who tries to hack your passwords! I use sha1 now
> instead of md5 for passwords. It means a bigger password column in the
> database but for some reason it make me feel more sure. Maybe I'm just
> insecure myself.
>
> http://en.wikipedia.org/wiki/SHA1
> http://us3.php.net/sha1
>
More information about the UPHPU
mailing list