Bye Bye MD5!

Welcome Portable PHP Password Hashing!

Effective today, Skyline Grid has graduated from basic MD5 password hashing to bcrypt for all passwords generated by the core platform and all connected applications.

Blowfish-based bcrypt hashing is provided by Openwall's Portable PHP password hashing framework, a public domain framework providing support for password generation (hashing).

What's the difference between MD5 and bcrypt?

Password hashing is the procedure used to store passwords on a server. For instance, when creating an account on a popular social network like Facebook or Twitter, users type in a password, which they'll use to log in next time.

Passwords are never stored on a server, or anywhere online, so how do these sites know that the password is correct? Password hashing.

When an account is created on a website, the password is never sent as plain text. Instead it is "hashed": it is run through a computing algorithm that takes the password apart and converts it into a long string of apparently random characters.

These characters are what is then sent and saved on the server.

When a user attempts to log in with a password, the website takes the newly entered password and converts it into a hashed string, using the same process that was applied during registration. The two hashed strings are then compared by the system, and if they match, the user is granted access.

MD5 password hashes don't change: the same password always converts to the same hash, which is why it's a lot easier for a hacker to crack an MD5-hashed password with the proper tools and computational power.

On the other hand, bcrypt is a lot more secure, as each password hashed through this method results in a completely new set of characters each time it's hashed.
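
The difference described above, as an added example that is not Skyline Grid's or Openwall's code: it uses PHP's built-in `password_hash()` and `password_verify()` in place of phpass so that it runs without the library. The helper names, the cost value and the upgrade-on-login handling of old MD5 records are assumptions made for illustration.

```php
<?php
// Added example: PHP's built-in bcrypt API stands in for phpass here.
const BCRYPT_COST = 10; // assumed work factor for this example

// bcrypt draws a fresh random salt on every call.
function hash_password(string $password): string
{
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
}

// Hypothetical helper: a legacy record is a bare 32-character hex MD5 digest.
function is_legacy_md5(string $stored): bool
{
    return preg_match('/^[a-f0-9]{32}$/', $stored) === 1;
}

// Returns [bool $ok, ?string $newHash]. $newHash is set when the stored
// value should be replaced with a current bcrypt hash.
function verify_login(string $password, string $stored): array
{
    if (is_legacy_md5($stored)) {
        // Constant-time comparison of the recomputed MD5 digest.
        if (!hash_equals($stored, md5($password))) {
            return [false, null];
        }
        return [true, hash_password($password)]; // upgrade on successful login
    }
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    $stale = password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
    return [true, $stale ? hash_password($password) : null];
}

// Constructed sample password, not a real credential.
$password = 'correct horse battery staple';

// MD5: the same input always produces the same digest.
var_dump(md5($password) === md5($password));

// bcrypt: two hashes of the same password differ, yet both verify.
$a = hash_password($password);
$b = hash_password($password);
var_dump($a !== $b);
var_dump(password_verify($password, $a) && password_verify($password, $b));

// A legacy MD5 record is accepted once and replaced with a bcrypt hash.
[$ok, $upgraded] = verify_login($password, md5($password));
var_dump($ok, strpos($upgraded, '$2y$') === 0);
```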

Hashing versus encryption

There seems to be a bit of confusion about the difference between password encryption and password hashing. Encryption is expected to take place in most situations where it is appropriate, to protect end-to-end communication between two parties. Encryption is used in all forms of protected communication, such as credit card payment processing, encrypted email and messaging, and government websites.

Encryption has very little to do with passwords. For storing passwords, hashing is more secure than encryption, because encryption can be reversed (decrypted), while hashing is an irreversible process.

Giving credit when credit's due

The guys at Openwall did one heck of a job providing a very portable, clean, elegant and efficient package. The Portable PHP password hashing framework is not only easy to implement, it's also capable of adapting to different servers using different versions of PHP, to make sure that the most secure hashing method is available.

Author:

administrator

Excerpt:

Skyline Grid upgrade from MD5 to phpass 0.3 is finally complete, and available for users to create accounts using the OpenBSD-style Blowfish-based bcrypt hashing method.

Category:

news

Created:

27th December, 2015
