More Secure Passwords

Initially, I was using plain SHA1 hashes for passwords. But after reading some articles about stolen password databases and what attackers can do to crack them, I decided to use a more secure password scheme: salting the passwords.
You can read more about them here.

Basically, a salted password is one where a string is prepended or appended to the password before it is hashed. This string is the salt. You can use the same salt for all passwords, but it's more secure to use a random salt for each password, since identical passwords then produce different hashes and a precomputed table cannot be reused across accounts. So the random salt is added to the password, the result is hashed, and the salt is stored alongside the resulting hash (or kept elsewhere) so you can verify a password when it's entered later.

Fortunately, you don’t have to do this all yourself.
The Apache authentication module will accept salted passwords including MD5 as previously mentioned here.
All you have to do is salt and hash the passwords and store them in the database; Apache will verify them later. There is a lot of open source code for salting and hashing your password using the MD5 approach. Here's the one I used, called MD5Crypt.
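To make the scheme concrete, here is an added example (not the MD5Crypt code the post links to) that implements the Apache `$apr1$` salted MD5 format from scratch in Python: a random per-password salt, the 1000-round hash, and a verify step that reads the salt back out of the stored string exactly the way Apache's authentication module does. It is written to follow the algorithm in APR's `apr_md5.c`; you can compare its output with `htpasswd -nbm user password`.

```python
import hashlib
import secrets
from hmac import compare_digest

ITOA64 = b"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
MAGIC = b"$apr1$"


def _to64(value, n):
    # MD5-crypt's own base64 variant: 6 bits per character, least-significant first.
    out = bytearray()
    for _ in range(n):
        out.append(ITOA64[value & 0x3F])
        value >>= 6
    return bytes(out)


def make_salt():
    # 8 random characters from the crypt alphabet, generated fresh per password.
    return "".join(chr(ITOA64[b % 64]) for b in secrets.token_bytes(8))


def apr1_hash(password, salt):
    pw, sl = password.encode(), salt.encode()[:8]      # apr1 uses at most 8 salt chars
    ctx = hashlib.md5(pw + MAGIC + sl)
    alt = hashlib.md5(pw + sl + pw).digest()
    for n in range(len(pw), 0, -16):                  # mix in alt once per 16 bytes of pw
        ctx.update(alt[:min(16, n)])
    n = len(pw)
    while n:                                          # one byte per bit of len(pw)
        ctx.update(b"\0" if n & 1 else pw[:1])
        n >>= 1
    final = ctx.digest()
    for i in range(1000):                             # 1000 rounds to slow down brute force
        c = hashlib.md5(pw if i & 1 else final)
        if i % 3:
            c.update(sl)
        if i % 7:
            c.update(pw)
        c.update(final if i & 1 else pw)
        final = c.digest()
    groups = [(0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)]
    enc = b"".join(_to64((final[a] << 16) | (final[b] << 8) | final[c], 4)
                   for a, b, c in groups) + _to64(final[11], 2)
    return (MAGIC + sl + b"$" + enc).decode()         # "$apr1$<salt>$<22 chars>"


def verify(password, stored):
    # The salt travels inside the stored string, so no separate column is needed.
    if not stored.startswith("$apr1$"):
        return False
    salt = stored.split("$")[2]
    return compare_digest(apr1_hash(password, salt), stored)
```

Store only the string returned by `apr1_hash(password, make_salt())`; the salt is never stored on its own.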
