Proper password handling for login
Posted by piers on Pro Webmasters
Published on 2012-06-02T11:45:57Z
I have read a lot about PHP login security recently, but many questions on Stack Overflow regarding security are outdated.
I understand bcrypt is one of the best ways of hashing passwords today. However, for my site, I believe sha512 will do very well, at least to begin with. (I mean bcrypt is for bigger sites, sites that require high security, right?)
I'm also wondering about salting. Is it necessary for every password to have its own unique salt? Should I have one field for the salt and one for the password in my database table? What would be a decent salt today? Should I join the username together with the password and add a random word/letter/special character combination to it?
Thanks for your help!
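An added example, not part of the original post, illustrating the per-password salt and salt-column questions in PHP: the built-in `password_hash()` generates a random salt on every call and embeds it in the returned string, so one column stores algorithm, cost, salt and hash together. The function names, sample users and cost values are assumptions made for the illustration.

```php
<?php
// Added illustration; the user names and passwords are constructed sample data.

// Unsalted fast hash: two users with the same password get the same digest,
// so one precomputed table or one cracked digest covers every matching account.
function unsalted_sha512(string $password): string
{
    return hash('sha512', $password);
}

// bcrypt through password_hash(): a fresh random salt per call, stored inside
// the result together with the algorithm id and the cost factor.
// Note: bcrypt only uses the first 72 bytes of the password.
function hash_password(string $password, int $cost = 12): string
{
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => $cost]);
}

// Check a login attempt. Returns [ok, replacementHash]; replacementHash is
// non-null when the stored hash was made with a lower cost than the current
// policy and should be overwritten in the database.
function check_login(string $password, string $stored, int $cost = 12): array
{
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    $upgrade = password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => $cost])
        ? hash_password($password, $cost)
        : null;
    return [true, $upgrade];
}

$users = ['alice' => 'correct horse', 'bob' => 'correct horse'];

// Same password, no salt: compare the two digests.
var_dump(unsalted_sha512($users['alice']) === unsalted_sha512($users['bob']));

// Same password, per-call salt: compare the two stored strings.
$alice = hash_password($users['alice'], 10);
$bob   = hash_password($users['bob'], 10);
var_dump($alice === $bob);
echo $alice, "\n"; // the single value to store in the password column

// Login with the right password while policy has moved from cost 10 to 12.
[$ok, $upgrade] = check_login('correct horse', $alice, 12);
var_dump($ok, $upgrade !== null);

// Login with a wrong password.
var_dump(check_login('wrong guess', $alice, 12)[0]);
```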
© Pro Webmasters or respective owner