
Hashing passwords

Sooner or later, most websites have to implement a login system of some kind. At that point at the latest, one has to think about how the passwords can be stored safely. Even big and well-known internet portals stumble over this challenge again and again, and the internet provides a lot of bad or outdated examples (this article was last updated in 2016).

I reworked a presentation of this topic into a tutorial. It is an attempt to present the necessary steps so that everyone can understand them; security comes from understanding, after all. The tutorial lets you play a bit with SQL injection, and then describes the usage of salt and pepper for hashing.

Tutorial ➩ How to spoil the fish with salt and pepper…

PHP developers can find example code showing how BCrypt can be implemented with PHP.

PHP code ➩ Implementation of BCrypt with PHP

www.martinstoeckli.ch