Password hashing
byeh:
I was looking at the password hashing and it uses md5.
Isn't that not that secure, wouldn't using bcrypt be better?
abolabo:
AbanteCart uses md5 for passwords with "salt". It prevents finding collisions of encrypted passwords from a stolen database dump.
eCommerce Core:
MD5 is very secure for the purpose it serves. There is a salt key that is used together with MD5.
There are some downsides in using bcrypt.
Check this discussion:
http://security.stackexchange.com/questions/61385/the-brute-force-resistence-of-bcrypt-versus-md5-for-password-hashing
eCommerce Core:
--- Quote from: abolabo on August 18, 2015, 06:57:52 AM ---
AbanteCart uses md5 for passwords with "salt". It prevents finding collisions of encrypted passwords from a stolen database dump.
--- End quote ---
Even if the database is stolen, passwords will not be readable. MD5 is one-way encryption.
There is no way passwords will be leaked in open form.
byeh:
Thanks for answering, was always wondering about why md5 over bcrypt, wasn't able to find a clear answer before.
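Added example, not part of the thread and not AbanteCart's own code: one way a PHP application can keep accepting salted-MD5 password records while re-hashing each one with bcrypt on the next successful login. The md5(salt . password) layout, the record fields 'hash' and 'salt', and the cost of 12 are assumptions made for illustration.

```php
<?php
// Assumed bcrypt work factor; tune it to the login latency the server can afford.
const BCRYPT_OPTIONS = ['cost' => 12];

// Assumed legacy scheme: hex MD5 over salt . password.
function legacy_md5_hash(string $password, string $salt): string
{
    return md5($salt . $password);
}

// Verifies $password against $record and upgrades the stored hash in place.
// $record is a hypothetical user row: ['hash' => ..., 'salt' => ...].
function verify_and_upgrade(array &$record, string $password): bool
{
    $stored = $record['hash'];

    // A 32-character hex string is treated as a legacy salted-MD5 hash.
    if (preg_match('/^[0-9a-f]{32}$/', $stored) === 1) {
        $ok = hash_equals($stored, legacy_md5_hash($password, $record['salt'] ?? ''));
        if ($ok) {
            // The plaintext is only available at login, so upgrade now.
            // bcrypt generates and embeds its own per-password salt.
            // Note: bcrypt only uses the first 72 bytes of the password.
            $record['hash'] = password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
            unset($record['salt']);
        }
        return $ok;
    }

    // Already bcrypt: verify, then raise the cost if the policy has changed.
    $ok = password_verify($password, $stored);
    if ($ok && password_needs_rehash($stored, PASSWORD_BCRYPT, BCRYPT_OPTIONS)) {
        $record['hash'] = password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
    }
    return $ok;
}

// Constructed sample record (not real data).
$user = ['salt' => 'a1b2c3', 'hash' => legacy_md5_hash('sample-password', 'a1b2c3')];

var_dump(verify_and_upgrade($user, 'wrong-password'));   // bool(false), record untouched
var_dump(verify_and_upgrade($user, 'sample-password'));  // bool(true), record upgraded
var_dump(str_starts_with($user['hash'], '$2y$'));        // bool(true) on PHP 8+
var_dump(verify_and_upgrade($user, 'sample-password'));  // bool(true) via password_verify
```

Accounts that never log in again keep their MD5 hash under this scheme, so a rollout usually pairs it with a forced reset for records that are still in the legacy format after some cut-off.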