Open opicron opened 2 months ago
This indeed is a good suggestion. I'll see what I can do.
This is how wordpress handles the hashing and salting. I think we can use the same way?
$string_to_hash = 'your_string_here';
$salt = wp_salt();
$salted_string = $salt . $string_to_hash;
$hashed_string = hash('sha256', $salted_string);
// Store the hash and the salt
echo 'Hashed String: ' . $hashed_string;
echo 'Salt: ' . $salt;
// Verifying the string
$string_to_check = 'your_string_here';
$salted_string_to_check = $salt . $string_to_check;
$hashed_string_to_check = hash('sha256', $salted_string_to_check);
if ($hashed_string === $hashed_string_to_check) {
echo 'String is correct!';
} else {
echo 'Invalid string!';
}
Yes, that would be the way to do it. Thanks for sharing the example Robbert. I'll look into this soon.
Updated the sample for regular hashing and salting strings, instead of passwords.
A good measure for some additional compliance to GDPR would be to hash and salt the IP addresses.
Of course with a fulll compromize this would be insufficient to protect the IP but for a regular DB dump where the salt and hash is not taken from the wordpress files it would give a layer of protection.