dannon Posted April 13, 2013

Hi,

I am using PBKDF2 to crypt my passwords, but I am not sure whether or not I am using it correctly. I create a random 32 character string and use it as salt, and use it to crypt the password, then I store both the encrypted password and the salt into the database. Is this the correct way to use the PBKDF2 crypting?

Also, for my remember me feature I store the encrypted password and the user ID into a cookie which is used to log the user in. This method doesn't look very secure to me for some reason. Is there a better way to implement the remember me feature?

jcbones Posted April 14, 2013

http://php.net/manual/en/function.hash-pbkdf2.php

Caution

The PBKDF2 method can be used for hashing passwords for storage (it is NIST approved for that use). However, it should be noted that CRYPT_BLOWFISH is better suited for password storage and should be used instead via crypt().
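
The two storage schemes discussed in this thread, side by side, as an added example that is not code from either poster or from the PHP manual: the salted PBKDF2 approach from the question and CRYPT_BLOWFISH via crypt() from the reply. The function names, the iteration count and the bcrypt cost are assumptions chosen for illustration; random_bytes() requires PHP 7 or later.

```php
<?php
// Added example; all function names and work factors here are hypothetical choices.
const PBKDF2_ITERATIONS = 100000; // assumed work factor, tune for your hardware

// Scheme from the question: random per-user salt, PBKDF2, store salt and hash.
function pbkdf2_hash_password(string $password): array
{
    $salt = bin2hex(random_bytes(16)); // 32 hex characters from the CSPRNG
    $hash = hash_pbkdf2('sha256', $password, $salt, PBKDF2_ITERATIONS, 64);
    return ['salt' => $salt, 'hash' => $hash]; // two columns in the user row
}

function pbkdf2_verify_password(string $password, string $salt, string $stored): bool
{
    $candidate = hash_pbkdf2('sha256', $password, $salt, PBKDF2_ITERATIONS, 64);
    return hash_equals($stored, $candidate); // constant-time comparison
}

// Scheme from the reply: CRYPT_BLOWFISH via crypt().
function bcrypt_hash_password(string $password, int $cost = 12): string
{
    // bcrypt salts are 22 characters from the alphabet ./0-9A-Za-z
    $salt = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
    $hash = crypt($password, sprintf('$2y$%02d$%s', $cost, $salt));
    if (strlen($hash) !== 60) {
        // crypt() signals failure with a short string such as "*0"
        throw new RuntimeException('crypt() did not return a bcrypt hash');
    }
    return $hash; // one column: algorithm, cost, salt and hash in one string
}

function bcrypt_verify_password(string $password, string $stored): bool
{
    // Passing the stored hash as the salt makes crypt() reuse its cost and salt.
    return hash_equals($stored, crypt($password, $stored));
}

// Constructed sample input.
$sample = 'correct horse battery staple';
$record = pbkdf2_hash_password($sample);
var_dump(pbkdf2_verify_password($sample, $record['salt'], $record['hash']));
var_dump(pbkdf2_verify_password('wrong guess', $record['salt'], $record['hash']));

$bcrypt = bcrypt_hash_password($sample);
var_dump(bcrypt_verify_password($sample, $bcrypt));
var_dump(bcrypt_verify_password('wrong guess', $bcrypt));
```

With PBKDF2 the salt and iteration count have to be stored and tracked by the application, while the bcrypt string carries its own cost and salt, so the cost can be raised later without a schema change.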