I am creating a database for a small question-and-answer platform and need a way to attribute or create a password protection scenario for the user table.
2
-
Use bcrypt with the default arguments. – Neil Smithline Mar 14 '16 at 21:44
1 Answer
-4
If you don't need to know the password but just check whether or not the user has entered it correctly, store the password as a SHA1 checksum of the password string (the checksum is obfuscated and cannot be decrypted by anyone - but if you enter the same string, you'll always get the same checksum). Then, when the user enters the password, just generate the checksum of the entered string and compare it to the one in the database. This is also a common implementation for most online accounts.
Namnodorel
- 101
-
2 This is an insecure method, as it allows for brute-forcing passwords entirely too easily. See the accepted answer to the "securely hashing passwords" question linked as a duplicate of this question for more secure options. – Xander Mar 14 '16 at 22:17
-
Sites like https://crackstation.net/ will provide instantaneous reversal of common unsalted SHA1 hashes. – Neil Smithline Mar 15 '16 at 00:50
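
An added example, not part of the original thread: it contrasts the unsalted SHA-1 storage from the answer with a salted, deliberately slow hash of the kind the comments recommend. It uses scrypt from Python's standard library as a stand-in for the bcrypt named in the comment so that it runs without third-party packages; the user names, passwords, wordlist, cost parameters and record layout are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: two users who happen to pick the same password.
USERS = {"alice": "sunshine1", "bob": "sunshine1"}
WORDLIST = ["password", "letmein", "sunshine1", "qwerty"]  # constructed

def sha1_store(password: str) -> str:
    """Scheme from the answer: unsalted SHA-1 of the password string."""
    return hashlib.sha1(password.encode()).hexdigest()

def lookup_table(words):
    """Digest -> word table, computed once and reusable against every row."""
    return {sha1_store(w): w for w in words}

# Assumed scrypt cost parameters for this example; tune them for your hardware.
N, R, P = 2**14, 8, 1

def scrypt_store(password: str) -> str:
    """Salted, memory-hard hash. The '$'-separated record layout is this
    example's own convention, not a standard format."""
    salt = os.urandom(16)  # fresh random salt per user
    dk = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=32)
    return f"scrypt${N}${R}${P}${salt.hex()}${dk.hex()}"

def scrypt_verify(password: str, record: str) -> bool:
    """Recompute with the stored salt and parameters, compare in constant time."""
    _, n, r, p, salt_hex, dk_hex = record.split("$")
    dk = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                        n=int(n), r=int(r), p=int(p), dklen=32)
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))

def compare_schemes():
    """Return what each storage scheme reveals if the user table is read."""
    sha1_rows = {u: sha1_store(pw) for u, pw in USERS.items()}
    table = lookup_table(WORDLIST)
    recovered = {u: table.get(h) for u, h in sha1_rows.items()}
    scrypt_rows = {u: scrypt_store(pw) for u, pw in USERS.items()}
    return sha1_rows, recovered, scrypt_rows

if __name__ == "__main__":
    sha1_rows, recovered, scrypt_rows = compare_schemes()
    print("SHA-1 rows identical:", sha1_rows["alice"] == sha1_rows["bob"])
    print("recovered by table lookup:", recovered)
    print("scrypt rows identical:", scrypt_rows["alice"] == scrypt_rows["bob"])
    print("login check:", scrypt_verify("sunshine1", scrypt_rows["alice"]))
```

With unsalted SHA-1 the two rows are identical and one precomputed table answers both; with a per-user salt the rows differ, so each guess has to be recomputed per user at the full scrypt cost.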