You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Learning more about password hashing I see that MD5 is no longer considered safe when it comes to password hashing. Even when adding salts. Bcrypt or a similar adaptive algorithm is a better choice. I have been looking into implementing that.
Yes, we know that. Our goal is to release the first version of the module, very soon. For the next release we will change the password hashing. Thank you very much for the links and the suggestion!
Learning more about password hashing I see that MD5 is no longer considered safe when it comes to password hashing. Even when adding salts. Bcrypt or a similar adaptive algorithm is a better choice. I have been looking into implementing that.
Some links:
http://stackoverflow.com/questions/11168575/why-is-md5-still-widely-used
http://stackoverflow.com/questions/4795385/how-do-you-use-bcrypt-for-hashing-passwords-in-php
http://www.php.net/manual/en/function.password-hash.php
https://github.com/ircmaxell/password_compat
http://codahale.com/how-to-safely-store-a-password/
The text was updated successfully, but these errors were encountered: