php - Any reason not to use bcrypt on email addresses? -

-

login form i'm working on right uses user email address , password login. thinking, there reason why shouldn't want use bcrypt on email addresses as:

$email_hash = password_hash($email, password_default);

i know it's intended passwords, what? should work on emails well... if email used login, shouldn't hashed/salted password? know isn't standard practice, never understood why.

i don't need know user's email addresses. mean, it's not i'm gonna chat them. maybe when user gets banned should inform them email, why bother informing outlaws in first place.

you need email address lookup user record.

typically this:

function create_account(email, password) {     var pwhash = password_hash($password, password_bcrypt);     // insert users values ($email, $pwhash); }  function login(email, password) {     // select pwhash users email = $email;     return password_verify($password, $pwhash); // true or false }

password_hash($email) return different value because bcrypt includes salt in hash.

from wikipedia:

for example, [bcrypt hash] $2a$10$n9qo8uloickgx2zmrzomyeijzagcfl7p92ldgxad68ljzdl17lhwy specifies cost parameter of 10, indicating 210 key expansion rounds. salt n9qo8uloickgx2zmrzomye , resulting hash ijzagcfl7p92ldgxad68ljzdl17lhwy.

or php docs:

note password_hash() returns algorithm, cost , salt part of returned hash. therefore, information that's needed verify hash included in it. allows verify function verify hash without needing separate storage salt or algorithm information.


Comments

Post a Comment

Popular posts from this blog

html - Styling progress bar with inline style -

-
i trying set progress bar color red using inline style. need in way because have access <body> part of document. style need apply: progress { color: red } progress::-moz-progress-bar { background: red;} progress::-webkit-progress-value { background: red; } progress[aria-valuenow]:before { background: red; } i tried <progress style="background: red;"> incorrect effect, progress bar color turns blue red background. guide right direction desired style? thank in advance. here live example: https://jsfiddle.net/z36d3f6l/
Read more

java - Oracle Sql developer error: could not install some modules -

-
i have downloaded fresh copy of sqldeveloper ( sqldeveloper-4.1.3.20.78-no-jre ) oracle website. when unzip , lauch gui, keep getting following error message: warning - not install modules: dynamic module config - no module providing capability org.netbeans.netbinox found. my system: windows 7 32 bit hp probook. jdk 1.6 , 1.7, 1.8 available in java/jdk subdirectory. netbeans 8.0.2 installed finally got way out after dirty hours. extracted sqldeveloper zip in nested directory. i.e: e://a/b/c/sqldeveloper. starting sqldeveloper gui above directory threw erros. solution: go in c:\users**username**\appdata\roaming : delete sql developer , sqldeveloper folders extract sql developer zip in new non nested directory. i.e: e:// start , should work now reference: https://community.oracle.com/thread/3870680?start=0&tstart=0
Read more

How to use autoclose brackets in Jupyter notebook? -

-
this may sound silly question, how make use of autoclose brackets in jupyter notebook? example, when type print( jupyter notebook auto-closes brakets print() and places cursor inside. type argument, say print(1 + 1) now cursor between second 1 , right bracket ) . key navigate right of ) ? of course can press end or → or ) achieve this, not seem save time, purpose of brackets autoclose suppose? thanks in advance.
Read more