A
Anonymous
Guest
Whats the best way to upgrade this script to the latest security standards in 2020,
mcrypt_create_iv() is now deprecated & the tutorial that I have been copying login/registration
info from is from 2013. All the other information is great & has helped my learn OOP
very quickly, however the security standards have moved on since then & I am
stuck on episode 14. Comments in the video suggested using bin2hex(16) to replace the old function,
but I'm sure there is a better way. I tried openssl_random_psuedo_bytes(32)
but I don't think my database can handle this information correctly even though i have the
charset/encoding set to utf8mb4_general_ci which should be able to handle nearly all characters.
reading this question: https://stackoverflow.com/questions/41272257/mcrypt-is-deprecated-what-is-the-alternative
has left me with more questions than answers & I'm farely
sure all the information contained in here is also out of date
found this question also https://stackoverflow.com/questions/2048281/best-hash-algorithm-to-use-in-php-mysql
but again this is over 10 years old. Can anyone add links or docs for what to do in feburary 2020?
Also which algorythm should I be using for the Salt?
Any help or links would be greatly appreciated.
Can't search this forum by date as far as I'm aware so a bit lost until I find other answers.
Answers that I'm looking into or further researching are
PBKDF2, bcrypt or scryp,
interesting Questions to read listed below;
https://crypto.stackexchange.com/questions/28986/what-is-tiger192-4-in-php
https://crypto.stackexchange.com/qu...-libsodium-cryptobox-keypair-with-crypto-sign
https://crypto.stackexchange.com/qu...cryption-is-this-homebrew-encyption-algorithm
I've not found an answer yet, But I have got Data to submit to the DB which is a step forwards, however my
Salt is only 4 characters long for some reason? using bin2hex(64);
Also this code block is not producing different results for each iteration, tested in my DB registereing two users with different Names but identical passwords, both Hashes are exactly the same in the DB & as far as I am aware this is undeireable.
The php docs suggest using random_bytes() but i'm farely sure theres gotta be a stronger alternative to this? Can anyone help?
Maybe
Any Suggestions?
mcrypt_create_iv() is now deprecated & the tutorial that I have been copying login/registration
info from is from 2013. All the other information is great & has helped my learn OOP
very quickly, however the security standards have moved on since then & I am
stuck on episode 14. Comments in the video suggested using bin2hex(16) to replace the old function,
but I'm sure there is a better way. I tried openssl_random_psuedo_bytes(32)
but I don't think my database can handle this information correctly even though i have the
charset/encoding set to utf8mb4_general_ci which should be able to handle nearly all characters.
reading this question: https://stackoverflow.com/questions/41272257/mcrypt-is-deprecated-what-is-the-alternative
has left me with more questions than answers & I'm farely
sure all the information contained in here is also out of date
Code:
<?php
class Hash{
public static function make($string, $salt =''){
return hash('sha256', $string, $salt);
}
public static function salt($length){ // ::>> mcrypt is now deprecated trying openssl..
return openssl_random_psuedo_bytes(16);
// return mcrypt_create_iv($length);
// tried bin2hex(32);
}
public static function unique(){
return self::make(uniqid());
}
}but again this is over 10 years old. Can anyone add links or docs for what to do in feburary 2020?
Also which algorythm should I be using for the Salt?
Any help or links would be greatly appreciated.
Can't search this forum by date as far as I'm aware so a bit lost until I find other answers.
Answers that I'm looking into or further researching are
PBKDF2, bcrypt or scryp,
interesting Questions to read listed below;
https://crypto.stackexchange.com/questions/28986/what-is-tiger192-4-in-php
https://crypto.stackexchange.com/qu...-libsodium-cryptobox-keypair-with-crypto-sign
https://crypto.stackexchange.com/qu...cryption-is-this-homebrew-encyption-algorithm
I've not found an answer yet, But I have got Data to submit to the DB which is a step forwards, however my
Salt is only 4 characters long for some reason? using bin2hex(64);
Also this code block is not producing different results for each iteration, tested in my DB registereing two users with different Names but identical passwords, both Hashes are exactly the same in the DB & as far as I am aware this is undeireable.
The php docs suggest using random_bytes() but i'm farely sure theres gotta be a stronger alternative to this? Can anyone help?
Maybe
Code:
private $_string = s_int(bin2hex(open_ssl_random_psuedo_bytes(128)))
$string = substr($_string,0,32);Any Suggestions?