  1. #1
    New Coder
    Join Date
    Dec 2009
    Posts
    84
    Thanks
    6
    Thanked 3 Times in 3 Posts

    stronghold password???

    How do you create a strong password?

    Let's say using MD5, sha1, salt, base64, hash, etc., or a combination of them, or what?
    And please type a sample.
    Thank You
    Best Regards,

  • #2
    Senior Coder Dormilich's Avatar
    Join Date
    Jan 2010
    Location
    Behind the Wall
    Posts
    3,132
    Thanks
    12
    Thanked 332 Times in 328 Posts
    You create a strong password by:

    - not using words (of any language)
    - not using combinations (e.g. birthdate)
    - a healthy mix of upper/lower case letters, numbers and special characters (@, $, %, etc.)

  • #3
    Senior Coder djm0219's Avatar
    Join Date
    Aug 2003
    Location
    Wake Forest, North Carolina
    Posts
    1,285
    Thanks
    4
    Thanked 201 Times in 198 Posts
    I'm a big fan of pass phrases rather than arbitrarily limited lengths of "words" of some combination. A sentence is a lot easier to remember than a sequence of meaningless letters, numbers and other characters.
    Dave .... HostMonster for all of your hosting needs

  • #4
    New Coder
    Join Date
    Dec 2009
    Posts
    84
    Thanks
    6
    Thanked 3 Times in 3 Posts
    OK, as a webmaster or administrator of a website, how do you protect your password page? Other people may use, e.g.:
    PHP Code:
    $str=$_POST['password'];
    $pwd=md5($str); 
    Another one, e.g.:
    PHP Code:
    $pwd = hash_hmac('sha512', $salt . $password . $pepper, $key);
    The $key would be a value in the database that is unique to each user. The $salt and the $pepper are randomly generated strings. The $password is the password of course.

    And what tricks do you have?
    Regards
    Last edited by sir.jones; 01-20-2010 at 05:09 PM.
    Best Regards,

  • #5
    Regular Coder
    Join Date
    Dec 2009
    Location
    UK
    Posts
    495
    Thanks
    0
    Thanked 58 Times in 58 Posts
    Use a salt and SHA256 or SHA512
    My site: JayGilford.com

  • #6
    Rockstar Coder
    Join Date
    Jun 2002
    Location
    USA
    Posts
    9,074
    Thanks
    1
    Thanked 328 Times in 324 Posts
    Quote: Originally Posted by sir.jones
    OK, as a webmaster or administrator of a website, how do you protect your password page? Other people may use, e.g.:
    PHP Code:
    $str=$_POST['password'];
    $pwd=md5($str); 
    Don't use MD5; it is considered compromised these days, especially without a salt, since that would make it especially vulnerable to rainbow table attacks.
    OracleGuy

  • #7
    New Coder
    Join Date
    Dec 2009
    Posts
    84
    Thanks
    6
    Thanked 3 Times in 3 Posts
    OK all, nice suggestions...
    So, as of today, what do you know about the weaknesses and advantages of each of them?
    1. md5
    2. sha1, sha256, sha512
    3. base64_encode
    4. hash
    6. salt
    7. anything else
    ???
    Best Regards,

  • #8
    Rockstar Coder
    Join Date
    Jun 2002
    Location
    USA
    Posts
    9,074
    Thanks
    1
    Thanked 328 Times in 324 Posts
    Well those aren't all the same thing.

    MD5, SHA1, SHA256 and SHA512 are different one-way hashing algorithms. base64_encode is just an encoding scheme for character data.

    A salt is data you add onto the actual data you are going to hash to help prevent someone using a rainbow table to figure out what data you hashed.
    OracleGuy
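
The distinctions drawn in the post above (encoding versus one-way hash, and what a salt changes), as an added PHP example that is not from any poster in this thread. The user names, the sample password and the helpers salted_hash() and verify_salted() are constructed for illustration.

```php
<?php
// Added example with constructed data; not code from the thread.
// Two hypothetical users who happen to pick the same password.
$users = ['alice' => 'sunshine1', 'bob' => 'sunshine1'];

// 1) base64 is an encoding: anyone holding the stored value can reverse it.
$decoded = base64_decode(base64_encode($users['alice']));

// 2) Unsalted one-way hash: equal passwords give equal digests, so a single
//    precomputed (rainbow table) entry matches every account that uses it.
$unsalted = array_map('md5', $users);

// 3) Per-user random salt, stored next to the digest (hypothetical helpers).
function salted_hash(string $password): array
{
    $salt = bin2hex(random_bytes(16));          // 128-bit random salt
    return ['salt' => $salt, 'hash' => hash('sha256', $salt . $password)];
}

function verify_salted(string $password, array $record): bool
{
    // Recompute with the stored salt, then compare in constant time.
    $candidate = hash('sha256', $record['salt'] . $password);
    return hash_equals($record['hash'], $candidate);
}

$records = array_map('salted_hash', $users);

$checks = [
    'base64 value decodes back to the password' => $decoded === $users['alice'],
    'unsalted md5 digests are identical'        => $unsalted['alice'] === $unsalted['bob'],
    'salted sha256 digests are identical'       => $records['alice']['hash'] === $records['bob']['hash'],
    'correct password verifies'                 => verify_salted('sunshine1', $records['alice']),
    'wrong password verifies'                   => verify_salted('sunshine2', $records['alice']),
];

foreach ($checks as $label => $result) {
    printf("%-45s %s\n", $label, $result ? 'yes' : 'no');
}
```

PHP's built-in password_hash() and password_verify() generate and store the salt for you and use a deliberately slow algorithm, which a single pass of SHA-256 does not; that goes beyond what the thread discusses.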

