How to migrate from sha256 encryption to bcrypt for php? -


for login :

$rows       = $sql->fetch(pdo::fetch_assoc); $us_id      = $rows['id']; $us_pass    = $rows['password']; $us_salt    = $rows['password_salt']; $status     = $rows['attempt']; $saltedpass = hash('sha256', "{$password}{$this->passwordsalt}{$us_salt}");

for register :

$randomsalt = $this->rand_string(20); $saltedpass = hash('sha256', "{$password}{$this->passwordsalt}{$randomsalt}");

how can sha256 encryption method converted bcrypt ?

password hashing using bcrypt

if using php 5.5 or later, can use built-in password_hash() function $algo parameter set password_bcrypt create bcrypt hashes. can use so:

$options = array('cost' => 11, 'salt' => 'my_salt'); $hash = password_hash("my_secret_password", password_bcrypt, $options);

migration

it's not possible bulk migration sha256 bcrypt because need original plaintext data (password) isn't available.

typically, sites staged conversion convert users perform successful logins. example:

  1. create field in database password has type, sha256 or bcrypt
  2. upon login, verify password using type in database
  3. if sha256 , successful, create new bcrypt entry using entered password, store , update password type bcrypt. on next login, bcrypt used verification.

Comments

Post a Comment

Popular posts from this blog

twig - Using Twigbridge in a Laravel 5.1 Package -

i'm trying create laravel 5.1 package uses twigbridge instead of .php views. can normal .php views display fine, when try make use of .twig templates i'm met error. possible use twigbridge templates when creating views laravel package or pretty stuck blade , php ? edit 1: loading twig template without extending works. it's when start using {% extends 'file' %} error comes out. i error error loading /virtual/laravel/packages/username/mypackage/src/views/sample.twig: template "templates.master" not defined () in "/virtual/laravel/packages/username/mypackage/src/views/sample.twig" @ line 1. my folders username |_ mypackage |_ src |_ controllers - samplecontroller.php |_ views |_ templates - master.twig - sample.twig twig template sample.twig {% extends 'templates.master' %} {% block content %} {{ parent()
Read more

firemonkey - How do I make a beep sound in Android using Delphi and the API? -

after having @ androidapi.jni.media.pas, coded following procedure: uses androidapi.jnibridge, androidapi.jni.media; procedure sound(aduration: integer); implementation procedure sound(aduration: integer); var volume: integer; streamtype: integer; tonetype: integer; tonegenerator: jtonegenerator; begin volume := tjtonegenerator.javaclass.max_volume; streamtype := ? tonetype := tjtonegenerator.javaclass.tone_dtmf_0; tonegenerator := tjtonegenerator.javaclass.init(streamtype, volume); tonegenerator.starttone(tonetype, aduration); end; but can't figure out how set value streamtype? thanks the stream type identify stream on beep must played. integer between 0 , 4 : stream_voice_call (0) stream_system (1) stream_ring (2) stream_music(3) stream_alarm(4)
Read more

jdbc - Not able to establish database connection in eclipse -

i want make new database connection (db2) in eclipse purpose of using jpa. in jpa perspective, in data source explorer view, when try create new db connection, receive following logs when try ping server. org.eclipse.datatools.connectivity.exceptions.dbnotstartexception: no start database command issued. errorcode = -4499, sqlstate = 08001. @ org.eclipse.datatools.enablement.ibm.db2.internal.luw.jdbcluwjdbcconnection.getconnectexception(jdbcluwjdbcconnection.java:74) @ org.eclipse.datatools.connectivity.ui.pingjob.gettestconnectionexception(pingjob.java:81) @ org.eclipse.datatools.connectivity.ui.pingjob.run(pingjob.java:63) @ org.eclipse.core.internal.jobs.worker.run(worker.java:54) caused by: com.ibm.db2.jcc.am.ro: [jcc][t4][2043][11550][4.8.87] exception java.net.connectexception: error opening socket server example.example.com/51.37.93.117 on port 50,000 message: connection timed out: connect. errorcode=-4499, sqlstate=08001 @ com.ibm.db2.jcc.am.gd.a(gd.j
Read more