Jan Walraven
DevOps



Categories:
  • Arduino (2)
  • CSS (3)
  • Docker (11)
  • ESXi (1)
  • Git (4)
  • Google Cloud (3)
  • Javascript (6)
  • Kubernetes (4)
  • Linux (36)
  • Mac (7)
  • Magento (4)
  • Mysql (14)
  • PHP (9)
  • Zend framework 2 (9)

    • Howto safely store a password

    Posted on July 26, 2013

    Howto safely store a password using ZF2

    • MD5() + salt is not secure anymore, dictionary attacks can be performed much faster with modern CPU + cloud environments
    • A secure alternative is the bcrypt algorithm
    • Bcrypt uses Blowfish cipher + iterations to generate secure hash values
    • Bcrypt is secure against brute force or dictionary attacks because is slow, very slow (that means attacks need huge amount of time to be completed)
    
//add this to your class
use ZendCryptPasswordBcrypt;

//Setup the encryption class
$bcrypt = new Bcrypt();

//Encrypt the password
$hash = $bcrypt->create('password');

//Verify password
if ($bcrypt->verify('password', $hash)){
	//correct password
}