Jan Walraven
DevOps



Categories:
  • Arduino (2)
  • CSS (3)
  • Docker (10)
  • ESXi (1)
  • Git (4)
  • Google Cloud (2)
  • Javascript (6)
  • Linux (31)
  • Mac (6)
  • Magento (4)
  • Mysql (13)
  • PHP (9)
  • Zend framework 2 (9)
  • Posted on July 26, 2013

    Howto safely store a password using ZF2

    • MD5() + salt is not secure anymore, dictionary attacks can be performed much faster with modern CPU + cloud environments
    • A secure alternative is the bcrypt algorithm
    • Bcrypt uses Blowfish cipher + iterations to generate secure hash values
    • Bcrypt is secure against brute force or dictionary attacks because is slow, very slow (that means attacks need huge amount of time to be completed)
    
    //add this to your class
    use ZendCryptPasswordBcrypt;
    
    //Setup the encryption class
    $bcrypt = new Bcrypt();
    
    //Encrypt the password
    $hash = $bcrypt->create('password');
    
    //Verify password
    if ($bcrypt->verify('password', $hash)){
    	//correct password
    }