Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Possible Duplicate:
Salting Your Password: Best Practices?
The company I work for is building a social network (like many other people are). While working on the user login system I was unsure what sort of hashing to use. I know never to use md5. I have an interesting way of working with sha512 and whirlpool and a changing salt. My boss says he may want to have users finacal data connected with there login info. The language is PHP just to let you know.
I’ve recently seen Blowfish recommended as a best practice for password hashing, on the basis that it’s slower than the SHA family so it makes brute-force guessing attacks less practical. According to Wikipedia, OpenBSD uses it for this reason.
You might also consider implementing support for OpenID so users don’t have to store a password on your site at all. (That’d be a nice optional feature for a social network, though it may not be acceptable for a financial site, e.g. for regulatory reasons.)