dannon
Posted April 13, 2013

Hi,

I am using PBKDF2 to crypt my passwords, but I am not sure whether or not I am using it correctly. I create a random 32 character string and use it as salt, and use it to crypt the password, then I store both the encrypted password and the salt into the database. Is this the correct way to use the PBKDF2 crypting?

Also, for my remember me feature I store the encrypted password and the user ID into a cookie which is used to log the user in. This method doesn't look very secure to me for some reason. Is there a better way to implement the remember me feature?

jcbones
Posted April 14, 2013

http://php.net/manual/en/function.hash-pbkdf2.php

Caution
The PBKDF2 method can be used for hashing passwords for storage (it is NIST approved for that use). However, it should be noted that CRYPT_BLOWFISH is better suited for password storage and should be used instead via crypt().
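
Added example, not code from either post above: the salted PBKDF2 storage the question describes next to the CRYPT_BLOWFISH route via crypt() that the manual's caution recommends, each with a constant-time verification step. The function names, iteration count, cost and sample password are assumptions chosen for illustration.

```php
<?php
// Added example: names, iteration count and cost are assumptions, not from the thread.
const PBKDF2_ITERATIONS = 100000; // assumed work factor; tune for your hardware
const BCRYPT_COST = 12;           // assumed cost; tune for your hardware

// PBKDF2 as the question describes: a fresh random salt per password,
// stored next to the derived hash.
function pbkdf2_create(string $password): array
{
    $salt = bin2hex(random_bytes(16)); // 32 hex characters
    $hash = hash_pbkdf2('sha256', $password, $salt, PBKDF2_ITERATIONS, 64);
    return ['salt' => $salt, 'iterations' => PBKDF2_ITERATIONS, 'hash' => $hash];
}

function pbkdf2_verify(string $password, array $row): bool
{
    $calc = hash_pbkdf2('sha256', $password, $row['salt'], $row['iterations'], 64);
    return hash_equals($row['hash'], $calc); // constant-time comparison
}

// CRYPT_BLOWFISH via crypt(): salt and cost are embedded in the returned
// string, so a single database column holds everything needed to verify.
function bcrypt_create(string $password): string
{
    // 22 characters from the bcrypt alphabet ./A-Za-z0-9
    $salt = substr(str_replace('+', '.', base64_encode(random_bytes(16))), 0, 22);
    $hash = crypt($password, sprintf('$2y$%02d$%s', BCRYPT_COST, $salt));
    if (strlen($hash) !== 60) { // crypt() signals failure with a short string
        throw new RuntimeException('crypt() did not return a bcrypt hash');
    }
    return $hash;
}

function bcrypt_verify(string $password, string $stored): bool
{
    // Passing the stored hash as the salt makes crypt() reuse its cost and salt.
    return hash_equals($stored, crypt($password, $stored));
}

// Constructed sample password, for demonstration only.
$row = pbkdf2_create('correct horse');
var_dump(pbkdf2_verify('correct horse', $row), pbkdf2_verify('wrong', $row));
$stored = bcrypt_create('correct horse');
var_dump(bcrypt_verify('correct horse', $stored), bcrypt_verify('wrong', $stored));
```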