Invision Community 4: SEO, prepare for v5 and dormant account notifications Matt November 11, 2024Nov 11
Posted March 6, 201311 yr It may be worth moving to bring the password features being added to PHP 5.5 into IPS4. Here's a library that brings the features forwards into PHP 5.3.7+ https://github.com/ircmaxell/password_compat These methods use BCRYPT by default for hashing passwords. P.S. It is MIT licensed.
March 6, 201311 yr Author We plan to use different functions than MD5 for password storage. In that case then. this is a good future proof way, since it gives you the ability to change hash algorithm with ease.
March 6, 201311 yr i think md5 + salt is a great way for hash the password that IPB using it ( md5(md5(pwd) . md5(salt)) )
March 6, 201311 yr Our minimum requirement is 5.3.0+. That library requires 5.3.7+ you said, so what you are looking at doesn't sound possible based on minimum requirements alone.
March 6, 201311 yr Author Our minimum requirement is 5.3.0+. That library requires 5.3.7+ you said, so what you are looking at doesn't sound possible based on minimum requirements alone. That's related to Version Description 5.3.7 Added $2x$ and $2y$ Blowfish modes to deal with potential high-bit attacks. Realistically you're requiring 5.3+, I can't imaging anyone would want to use a lower version 5.3.7 anyway.
March 6, 201311 yr i think md5 + salt is a great way for hash the password that IPB using it ( md5(md5(pwd) . md5(salt)) ) seems i'm wrong :sweat: http://stackoverflow.com/questions/4795385/how-do-you-use-bcrypt-for-hashing-passwords-in-php?answertab=oldest#tab-top
March 18, 201311 yr That's related to Version Description 5.3.7 Added $2x$ and $2y$ Blowfish modes to deal with potential high-bit attacks. Realistically you're requiring 5.3+, I can't imaging anyone would want to use a lower version 5.3.7 anyway. Our minimum requirement is 5.3.0. If it requires 5.3.7, we can't make use of it.
Archived
This topic is now archived and is closed to further replies.