Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
Don't even encrypt..
Hash.
Or double hash the salted hash of the peppered password. And don't use a broken hashing algorithm
@linuxxx how am I doing daddy? -
@BambuSource Just use BCrypt with its build in functions, it'll take care of the salt itself :)
-
These are the idiots that are responsible for data breaches. They want to believe they know better than the engineers, but they know sh*t.
-
Jifuna37417y@linuxxx Seriously? I didn't knew that haha. I use bcrypt when I can with a generated salt.
-
Yes, please don't MD5 them. If people get a hold on that DB, they will be cracked in days instead of ... Years, I think. Use bcrypt like linuxxx said.
-
vikaskr13617yTake this in writing. So when in future any data breaches happens and they call you to blame. You can show the written document.
-
hjk10157317yNever suggest plain text storage just say you store it securely unaltered muggles won't know the difference. And when using PHP just use password_hash and password_verify functions (hard to implement that wrong and uses bcrypt at be the moment will be improved over time automatically)
-
elazar10307yAs some wise guy said, the passwords are not yours to store. You shouldn't do this even if your boss tells you to.
Related Rants
-
stackodev50Boss: βOur YouTube channel doesnβt look at all like our website.β Me: βIβve made it look as close t...
-
2nd2NULL14Our website doesn't look the same on phone and desktop. Please remove responsivness.
-
cursee16X: Can you link my Facebook account with the website? Me: Yes. Can. X: Good. I want to update website using ...
In a meeting after I explained that the user passwords will be encrypted before we save them in the database
Them: "Please don't do that, we don't want to change our clients data"
Me: " so we should save the clear text?"
Them: "Yes"
π
rant
wk75