Help to recover password from an unknown hash type
#12
(01-06-2015, 12:15 PM)epixoip Wrote: Ah ok. Well, hopefully we've provided enough comments for you to present an accurate risk assessment. It's certainly not the worst scheme we've seen, but it's definitely not good at all. There are a lot of problems with this code.

Since this app uses PHP, there's absolutely no reason to not use password_hash() if you're on PHP >= 5.5, or crypt() with CRYPT_BLOWFISH if you're using an earlier version. That's the proper way to do things.

And if you do actually want a shot at cracking the passwords, it would be trivial to write your own cracker for this.

Thanks guys,

For sure, I will recommend that to the dev team.
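
The recommendation quoted above (password_hash() on PHP >= 5.5, crypt() with CRYPT_BLOWFISH on earlier versions), sketched as an added example that is not code from this thread or from the application discussed. The function names store_hash() and check_password(), the cost of 12, and the availability of the openssl extension on the older-PHP path are assumptions.

```php
<?php
// Added example; store_hash() and check_password() are hypothetical names.

function store_hash($password) {
    if (function_exists('password_hash')) {
        // PHP >= 5.5: bcrypt, salt generated by PHP itself.
        return password_hash($password, PASSWORD_BCRYPT, array('cost' => 12));
    }
    // Earlier PHP: crypt() with CRYPT_BLOWFISH. The "$2y$" prefix needs
    // PHP >= 5.3.7. The salt is 22 characters from the set ./0-9A-Za-z.
    $raw  = openssl_random_pseudo_bytes(16);   // assumes ext/openssl
    $salt = substr(strtr(base64_encode($raw), '+', '.'), 0, 22);
    $hash = crypt($password, '$2y$12$' . $salt);
    // crypt() signals failure with a short string such as "*0".
    if (!is_string($hash) || strlen($hash) !== 60) {
        throw new RuntimeException('bcrypt hashing failed');
    }
    return $hash;
}

function check_password($password, $stored) {
    if (function_exists('password_verify')) {
        return password_verify($password, $stored);
    }
    // The stored hash carries its own prefix, cost and salt, so it can be
    // passed back to crypt() as the salt argument.
    $calc = crypt($password, $stored);
    if (!is_string($calc) || strlen($calc) !== strlen($stored)) {
        return false;
    }
    // Constant-time comparison (hash_equals() only exists from PHP 5.6).
    $diff = 0;
    for ($i = 0; $i < strlen($calc); $i++) {
        $diff |= ord($calc[$i]) ^ ord($stored[$i]);
    }
    return $diff === 0;
}

// Constructed sample input, not a credential from the thread.
$stored = store_hash('constructed-sample-password');
var_dump(check_password('constructed-sample-password', $stored));
var_dump(check_password('wrong-guess', $stored));
```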


Messages In This Thread
RE: Help to recover password from an unknown hash type - by azren - 01-07-2015, 06:51 AM