You are reading a single comment by @mashton and its replies.
  • Agreed to the one-upmanship, let's just say that we are having a nice chat? For the benefit of other people reading this, rather than for ourselves.

    Anyway, for those who may not realise it:

    Don't reject any characters in passwords.
    Don't put a (needless) upper limit on the length of passwords.
    Do hash your passwords before storing.
    Do salt your hashes.
    Do store the salted hashes in the DB.
    Do ensure that your DB can store any value created by your hash function.
    Do compare hashes when authenticating.

    Whatever else I have forgotten.
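The checklist above worked through in Python, as an added example (not code from @mashton or anyone else in this thread): a fresh random salt per password, PBKDF2-HMAC-SHA256 from the standard library rather than a home-grown hash, a stored value of known width so the DB column can hold it, and a constant-time comparison of hashes at login. The iteration count and the in-memory USERS dict standing in for the database are assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Assumed work factor (OWASP's current figure for PBKDF2-HMAC-SHA256); tune to your latency budget.
ITERATIONS = 600_000
SALT_BYTES = 16

def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Salt and hash; returns 'pbkdf2_sha256$<iters>$<salt hex>$<digest hex>' for the DB.

    The password is used as-is: no characters are rejected and no length cap is applied.
    """
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)   # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join(["pbkdf2_sha256", str(iterations), salt.hex(), digest.hex()])

def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count, then compare the hashes."""
    try:
        algo, iters, salt_hex, digest_hex = stored.split("$")
        salt, digest, rounds = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex), int(iters)
    except ValueError:
        return False                          # malformed DB value is never a match
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    # Constant-time comparison of the two hashes; the plaintext is never compared or stored.
    return hmac.compare_digest(candidate, digest)

def stored_width() -> int:
    """Column width the DB must allow for any value hash_password() produces at ITERATIONS."""
    return len("pbkdf2_sha256") + len(str(ITERATIONS)) + SALT_BYTES * 2 + 32 * 2 + 3

USERS: Dict[str, str] = {}   # constructed stand-in for the users table: name -> stored hash

def register(username: str, password: str, iterations: int = ITERATIONS) -> None:
    USERS[username] = hash_password(password, iterations=iterations)

def authenticate(username: str, password: str) -> bool:
    stored = USERS.get(username)
    if stored is None:
        hash_password(password)               # same cost for unknown users (timing)
        return False
    return verify_password(password, stored)
```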

  • What's a salted hash? (serious question)
    Non-serious statement: it does sound yummy.
    (serious question): is it the user that needs to have salted hash passwords? Or is it the dev side?

  • Whatever else I have forgotten.

    Don't even think about implementing your own bit of code to handle passwords unless you really, really, really, really need to?
