google-code-export / candydolldb

Automatically exported from code.google.com/p/candydolldb

Implement more secure password-hashing #33

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
According to this relevant page on the official PHP wiki, the hashing used in 
CandyDollDB is not as secure as it could be:

https://wiki.php.net/rfc/password_hash

It tells us that "Hash(password + salt) Is [NOT] Fine".

An added advantage of the new API is automatic salting and automatic processing 
of hashes/passwords.

The only drawback at this time is that the patch is not yet part of PHP and will 
not be widely available for some time. Should we therefore take it up ourselves 
to enhance the hash-strength in CandyDollDB?

Original issue reported on code.google.com by fwp...@gmail.com on 14 Sep 2012 at 10:40
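The API the RFC describes, as an added example (not CandyDollDB code): the hash(password + salt) pattern beside password_hash(), with a login check that still verifies legacy rows and upgrades them on first success. The row layout ('hash', 'legacy_salt') and the sample salt are assumptions, and the example needs PHP 5.6 or newer for password_hash(), password_needs_rehash() and hash_equals().

```php
<?php
// Added example, not CandyDollDB code. Shows the password_hash() API from the
// RFC linked above (PHP 5.5+) next to the "hash(password + salt)" pattern it
// replaces, with a login check that upgrades legacy rows transparently.
// The row layout ('hash', 'legacy_salt') is an assumption.
// Legacy scheme the RFC calls "not fine": one fast SHA-256 round, salt stored
// beside the hash. Kept only so existing rows verify once and get upgraded.
function legacy_hash($password, $salt) {
    return hash('sha256', $password . $salt);
}

function legacy_verify($password, $salt, $stored) {
    return hash_equals($stored, legacy_hash($password, $salt));  // PHP 5.6+
}

// New scheme: bcrypt via password_hash(). Salt and cost are generated and
// embedded in the returned string ("$2y$12$..."), so nothing is stored separately.
function hash_options() {
    return array('cost' => 12);
}

function new_hash($password) {
    return password_hash($password, PASSWORD_BCRYPT, hash_options());
}

// Accepts both formats. Returns array(ok, hash_to_store_or_null) so the caller
// rewrites the row when a legacy hash was verified or the cost was raised.
function check_login(array $row, $password) {
    if ($row['legacy_salt'] !== null) {
        if (!legacy_verify($password, $row['legacy_salt'], $row['hash'])) {
            return array(false, null);
        }
        return array(true, new_hash($password));   // migrate on first success
    }
    if (!password_verify($password, $row['hash'])) {
        return array(false, null);
    }
    $rehash = password_needs_rehash($row['hash'], PASSWORD_BCRYPT, hash_options());
    return array(true, $rehash ? new_hash($password) : null);
}

// Constructed sample row in the legacy format.
$salt = 'c0nstructed5alt';
$row = array('hash' => legacy_hash('hunter2', $salt), 'legacy_salt' => $salt);
list($ok, $upgraded) = check_login($row, 'hunter2');
if ($ok && $upgraded !== null) {
    // persist $upgraded as 'hash' and set legacy_salt to null; the next
    // login then takes the password_verify() path
    echo "login ok, row upgraded to " . substr($upgraded, 0, 7) . "...\n";
}
```

Raising the cost in hash_options() later is enough to migrate everyone again: password_needs_rehash() notices the mismatch at the next successful login.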

GoogleCodeExporter commented 9 years ago
Password hashing is way beyond my experience with coding. Is there a timetable 
as to when the API will be patched into PHP?

One thing to think of, though, is how the end user is using CDDB. Most users I 
assume are using it on a private offline server, or maybe an online server 
hidden behind HTTP authentication.

But either way, how would we enhance the strength of the hash functions in the 
meantime?

Original comment by mranimos...@gmail.com on 14 Sep 2012 at 8:02

GoogleCodeExporter commented 9 years ago

Original comment by fwp...@gmail.com on 25 Sep 2012 at 10:22