Security password
#1
Dear Admin,

I downloaded the newest version, 3.3.16, and saw that the password encoding still uses sha1 in the passhash function. If I am not wrong, PHP now has a new password encoding function, password_hash(), with higher security. Is it possible to use it in the new version 3.4? I tried to decode the sha1 password hash and the password_hash one online; some websites can decode the password from sha1, but no website can decode password_hash(). This is just my idea.

Thank you for your great job.
Reply
#2
Hi nguyentriquang,

GetSimple has the ability to use salted passwords.

You know this makes it much harder for cracking attempts to succeed,
not to say impossible for hackers without million dollar computer parks.
And even then it would take just too many years. So no problem here.


Read more about GetSimple salted passwords here:
http://get-simple.info/wiki/how_to:chang...ord_salted

F.
Reply
#3
sha1 is no longer up to date and should not be used anymore, no matter whether a salt is used or not.
Reply
#4
Quote: sha1 is no longer up to date and should not be used anymore, no matter whether a salt is used or not.

Show me a cracked salted sha1, then we talk.
Reply
#5
I didn't say I can crack it, I said it is deprecated and should not be used. There are more modern alternatives for storing password hashes.
Reply
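
The move from salted sha1 to password_hash() discussed in this thread can be done without resetting anyone's password, by re-hashing at the next successful login. The following is an added example, not part of the thread and not GetSimple's code; the function names are hypothetical and the legacy scheme is assumed to be sha1(password . salt), which may differ from the actual passhash function.

```php
<?php
// Added example. Assumption: the legacy scheme is sha1(password . salt).
// legacy_sha1_hash() and verify_and_upgrade() are hypothetical names.

function legacy_sha1_hash(string $password, string $salt): string
{
    return sha1($password . $salt);
}

/**
 * Check a login against either a legacy SHA-1 record or a password_hash() record.
 * Returns [bool $ok, ?string $newHash]; a non-null $newHash must be saved
 * in place of the stored value.
 */
function verify_and_upgrade(string $password, string $stored, string $salt): array
{
    // A legacy record is exactly 40 hex characters; password_hash() output never is.
    if (preg_match('/^[0-9a-f]{40}$/i', $stored) === 1) {
        // hash_equals() compares in constant time.
        if (!hash_equals(strtolower($stored), legacy_sha1_hash($password, $salt))) {
            return [false, null];
        }
        // The plaintext is only available now, so upgrade the record now.
        return [true, password_hash($password, PASSWORD_DEFAULT)];
    }

    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    // Re-hash when PHP's default algorithm or cost has changed since storage.
    $newHash = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : null;
    return [true, $newHash];
}

// Constructed sample data, not taken from any real installation.
$salt   = 'constructed-site-salt';
$stored = legacy_sha1_hash('correct horse', $salt);

[$ok, $upgraded] = verify_and_upgrade('correct horse', $stored, $salt);
var_dump($ok, password_get_info($upgraded)['algoName']);

// The next login verifies against the upgraded record; a wrong password fails.
[$okAgain, $rehash] = verify_and_upgrade('correct horse', $upgraded, $salt);
[$okWrong]          = verify_and_upgrade('wrong guess', $upgraded, $salt);
var_dump($okAgain, $rehash, $okWrong);
```

Accounts that never log in again keep their legacy record until the password is reset.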