Increase password hash strength - Githubissues

ilosuna / phpsqlitecms

phpSQLiteCMS is a simple and lightweight web content management system based on PHP and SQLite.

phpsqlitecms.net

MIT License

138 stars 75 forks source link

Increase password hash strength #26

Closed alainlamar closed 9 years ago

alainlamar commented 9 years ago

This pull request proposes the use of the de-facto standard of password hashing used by many Linux distributions. This makes cracking attempts way more costy. Strength depends on the number of hashing rounds which is configurable by adjusting the "rounds=5000" substring on line 14. The more rounds, the stronger the resulting hash.

altered generate_pw_hash to produce SHA-512 hashes (unix type 6)
altered is_pw_correct to check against the old and against the new hashes. Backward compatibility is preserved.

ilosuna commented 9 years ago

Thank you, implemented your modification!