All geek questions in one place

Password Security It is safe?

I asked a question about password security yesterday ...

I'm new to security ...

I use mysql db, and there I need to store user passwords. I was told in the responses that hashingTHEN saving the HASHED password value is the right way to do this.

So basically I want to check with you guys, this is right now.

This is a website for announcements, and for each category that it places, he must enter a password so that he can subsequently remove the secret code using this password (for example, when the product is sold).

In a file called " put_ad.php", I use a method $_POSTto get the passage from the form. Then I use it and put it in the mysql table. Then, when users want to delete the ad, I check the entered password by hashing it and comparing the hashed value of the entered password with the hashed value in mysql db, right?

BUT, what if, as an administrator, I want to remove the classified one, is there a way to “unleash” the password easily?

sha1 is currently used by btw.

some code is much appreciated.

thank

+3
source share
8 answers

, . .

+6

, , , , SHA, MD5 - , ( , , ). .

+3

, .

, (). , .

php-, , .

+2

, . , , bcrypt .

, , , SSL-. , - , . ...

, , , "" .

+1

, "" . .

- - ; , .

- - - . -, .

0

, , , ! , ( ), , !

, , . , , - -, .. , . . , ( , ) , . "username-anytextonlyknownbyourapp-password" - .

0
source

If the question is "How to unzip the password" - the answer - there is no solution for decoding the hashed value, that is, one of them is to rude it (which means to find the original value by calculating the hash and compare with the base), but it is very slow handle. If the password is "strong", this is an insoluble task.

If the question is "How to manage passwords" - you do not need to use "unhash"

0
source

Source: https://habr.com/ru/post/1744113/

More articles:


All Articles