Oct 19, 2012, 04:56 #1
Best method for storing and validating login credentials
I'm relatively new to PHP. Currently I'm using md5() to hash and store passwords. Something like:
$salt = 'SomeSaltString'; //fixed salt
$password = 'SomePassword';
$pass = md5($salt . $password);
$hash = crypt('SomePassword', '$2a$07$StrThatIs21Characters$');
//output: $2a$07$StrThatIs21Characters.GDZ.DtvzhBXbOr3S5W68Rh5PFgnomoq
1]. $2a indicates strength level?
2]. $07 something to do with round trips? Please elaborate further on this...
3]. StrThatIs21Characters$ - salt needs to be 22 chars in length including the $. Should this be a fixed salt?? I'm getting conflicting info on this...
These are the important implementation questions:
4]. What part of the output should be stored in the database [in the password column]?
5]. What data type best suits the password column? Perhaps nvarchar?
6]. How should a login attempt be verified when using this method?
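The bcrypt string from the post above, taken apart into its fields and used to check a login, as an added example that is not part of the original post. The function names bcrypt_parts, make_hash and check_login and the sample passwords are made up for illustration; it assumes PHP 5.6 or later.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

// Split a bcrypt string into its fields:
//   $<version>$<2-digit cost>$<22-char salt><31-char digest>   (60 chars total)
function bcrypt_parts(string $hash): ?array
{
    $re = '#^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})\z#';
    if (!preg_match($re, $hash, $m)) {
        return null; // not a well-formed bcrypt string
    }
    return [
        'version' => $m[1],             // algorithm identifier, not a strength level
        'cost'    => (int) $m[2],       // log2 of the iteration count
        'rounds'  => 1 << (int) $m[2],  // cost 07 means 2^7 = 128 iterations
        'salt'    => $m[3],
        'digest'  => $m[4],
    ];
}

// Create: password_hash() generates a fresh random salt for every password.
function make_hash(string $password, int $cost = 10): string
{
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => $cost]);
}

// Verify: pass the stored string as the "salt" argument of crypt(), which reads
// version, cost and salt back out of it, then compare in constant time.
function check_login(string $attempt, string $stored): bool
{
    if (bcrypt_parts($stored) === null) {
        return false;
    }
    $computed = crypt($attempt, $stored);
    return is_string($computed) && hash_equals($stored, $computed);
}

// Constructed sample run. The whole string is what gets stored; it is 60 ASCII
// characters, so a CHAR(60) or wider VARCHAR column holds it.
$stored = make_hash('SomePassword');
var_dump(strlen($stored));
var_dump(bcrypt_parts($stored)['cost']);
var_dump(check_login('SomePassword', $stored));
var_dump(check_login('WrongPassword', $stored));

// The output string quoted in the post splits into the same fields.
print_r(bcrypt_parts('$2a$07$StrThatIs21Characters.GDZ.DtvzhBXbOr3S5W68Rh5PFgnomoq'));
```

password_verify() performs the same check as check_login() in one call; the crypt() form is shown because it is the function used in the post.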