This topic is locked
[SOLVED]

 Password encryption

8/26/2018 6:27:27 PM
PHPRunner General questions
M
MikeT author

Anyone already analyzed the details of phpR's bcrypt-ing of passwords? Otherwise I'll probably have to dive into the source (I need to provide more details for an application I'm planning to build).

gehrenfeld 8/27/2018

Not sure what your asking here.
password_hash() creates a new password hash using a strong one-way hashing algorithm. password_hash() is compatible with crypt().
Give me a little more detail and I will see if I can answer it for you.

M
MikeT author 8/27/2018



Give me a little more detail and I will see if I can answer it for you.


Thanks. I'll probably just have to read up some more on bcrypt and peek at the code anyway, depending on the documentation requirements I'll be facing.

Question was too unspecific and early, sorry, had only experience with sha512+salt so far. I'll probably just have to document what libraries are used, rounds etc., I'll dig a little bit.
Michael

admin 8/27/2018

Question doesn't make much sense to me either.
PHPRunner uses PHP's password_hash() function with BCRYPT option. That is all.

http://php.net/manual/en/function.password-hash.php

M
MikeT author 8/28/2018



Question doesn't make much sense to me either.
PHPRunner uses PHP's password_hash() function with BCRYPT option. That is all.

http://php.net/manual/en/function.password-hash.php


Yeah, I'm sorry, was a bit overwhelmed after having contact with security people that I'll have to report to...

I guess phpR uses the default of 10 for the cost option? Anyway I'll check also myself in the code, you might just delete the thread.
Michael