Jump to content

Recommended Posts

Hi, I am using PBKDF2 to crypt my passwords, but I am not sure whether or not I am using it correctly.

I create a random 32 character string and use it as salt, and use it to crypt the password, then I store both the encrypted password and the salt into the database. Is this the correct way to use the PBKDF2 crypting?

 

Also, for my remember me feature I store the encrypted password and the user ID into a cookie which is used to log the user in. This method doesn't look very secure to me for some reason. Is there a better way to implement the remember me feature?

Link to comment
https://forums.phpfreaks.com/topic/276916-security/
Share on other sites

http://php.net/manual/en/function.hash-pbkdf2.php

 

 


Caution

The PBKDF2 method can be used for hashing passwords for storage (it is NIST approved for that use). However, it should be noted that CRYPT_BLOWFISH is better suited for password storage and should be used instead via crypt().

Link to comment
https://forums.phpfreaks.com/topic/276916-security/#findComment-1424628
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.