Jump to content


  • Posts

  • Joined

  • Last visited

Everything posted by limitphp

  1. I'm really new to this, but what is a short-length collision? What about using sha256?
  2. There's not really much point in setting passwords if the users can simply click a link and change it without doing something to prove who they are.... But I seem to recall an early version of Windows Lite called "Joe" which used exactly that principle. If the user got their password wrong three times in succession, it assumed they'd forgotten it and allowed them to simply reset it I mean, send a link to their email address. So, only the user with that email address would know the link. And then from there, let them create a new password. I'm not sure how to do that yet. I assume you could create a page that takes in a querystring. And the value of that querystring could be a long uniqueID?
  3. I guess if they forget their password, just let them click a link and change their password. There's no reason why they even need to know it again if they forget it.
  4. Good point, I didn't even think about that. Request your password if you forget it. So, should you ever store a hashed passowrd in your database? So, Mchl, if you store hashed passwords in your USER table, you won't be able to send a password to a user if they forgot it. Also, why char and not varchar?
  5. also, how long should the salt be? is something like k2jhaq895kjh6z0 good? about 15 characters long? 128....dang.....is that going to slow things down as you get into the 10,000 user range..... why char and not varchar?
  6. Ok, so if I use this, what type should my password field be and how long should I make it? ex) varchar (50)
  7. I see. Thanks for the info. So, how do you hash? say I have $password and $salt How do you hash it?
  8. I see one thing, after reading that article you linked to, Mchl. If a hacker can get access to your database, is it likely that they can probably get access to your php files too? Thus seeing your method of how you hash and what your salt is equal to?
  9. So, when a user registers on my site, and I send the info to be INSERTED into the database. I should encrypt it and salt it in the INSERT statement? So, inside the table users, passwords will be stored encypted and salted....
  10. When a user registers on my site, and I send the info to be INSERTED into the database. Should I encrypt it in the INSERT statement? ex: mysql_query("INSERT INTO user (username, password, fname, lname, email, date) VALUES ('$username', 'md5(sha1(sha1($password)))', '$fname', '$lname', '$email', DATE_ADD(NOW()))"); I figured it'd be easier to just ask in this thread instead of starting a new one.
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.