Password hashing

byeh:
I was looking at the password hashing and it uses md5.
Isn't that not that secure, wouldn't using bcrypt be better?

abolabo:
AbanteCart uses md5 for password with "salt". It prevents finding collisions of encrypted passwords by stolen database dump.

eCommerce Core:
MD5 is very secure for the purpose it serves. There is a salt key that is used together with MD5.

There are some downsides in using bcrypt.

Check this discussion:
http://security.stackexchange.com/questions/61385/the-brute-force-resistence-of-bcrypt-versus-md5-for-password-hashing

eCommerce Core:

--- Quote from: abolabo on August 18, 2015, 06:57:52 AM ---AbanteCart uses md5 for password with "salt". It prevents finding collisions of encrypted passwords by stolen database dump.

--- End quote ---

Even if the database is stolen, passwords will not be readable. MD5 is one-way encryption.
There is no way passwords will be leaked in open form.

byeh:
Thanks for answering, was always wondering about why md5 over bcrypt, wasn't able to find a clear answer before.
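
Added example, not part of the thread and not AbanteCart's own code: a login check that still accepts a legacy salted-MD5 record and replaces it with a bcrypt hash once the correct password is seen, then times one hash of each kind. The record layout, the `md5(salt . password)` format, the function names and the cost of 12 are assumptions made for illustration.

```php
<?php
// Added example, not AbanteCart code. Assumption: legacy rows store
// md5(salt . password) as hex plus a per-user salt column.
const BCRYPT_OPTS = ['cost' => 12]; // assumed work factor; tune per server

function bcrypt_record(string $password): array
{
    // bcrypt embeds its own salt and cost in the hash string.
    // Note: bcrypt only uses the first 72 bytes of the password.
    return ['scheme' => 'bcrypt', 'salt' => null,
            'hash' => password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTS)];
}

// Returns [bool $ok, ?array $replacement]; persist $replacement when not null.
function verify_and_upgrade(array $rec, string $password): array
{
    if ($rec['scheme'] === 'md5-salt') {
        // Constant-time compare of the legacy digest.
        $ok = hash_equals($rec['hash'], md5($rec['salt'] . $password));
        // On success we hold the plaintext, so re-hash it with bcrypt.
        return $ok ? [true, bcrypt_record($password)] : [false, null];
    }
    if (!password_verify($password, $rec['hash'])) {
        return [false, null];
    }
    // Re-hash when the stored cost is below the current policy.
    $stale = password_needs_rehash($rec['hash'], PASSWORD_BCRYPT, BCRYPT_OPTS);
    return [true, $stale ? bcrypt_record($password) : null];
}

// Constructed sample row (not real data).
$salt = bin2hex(random_bytes(8));
$user = ['scheme' => 'md5-salt', 'salt' => $salt,
         'hash' => md5($salt . 'correct horse battery')];

[$ok] = verify_and_upgrade($user, 'wrong guess');
echo 'wrong password accepted: ', var_export($ok, true), PHP_EOL;

[$ok, $new] = verify_and_upgrade($user, 'correct horse battery');
echo 'correct password accepted: ', var_export($ok, true), PHP_EOL;
if ($new !== null) {
    $user = $new; // in a real store: UPDATE the row in the same request
}
echo 'stored scheme now: ', $user['scheme'], PHP_EOL;

// Per-hash cost on this machine: the gap is the offline-guessing slowdown.
$t = microtime(true); md5($salt . 'x'); $md5 = microtime(true) - $t;
$t = microtime(true); password_verify('x', $user['hash']); $bc = microtime(true) - $t;
printf("md5: %.6fs  bcrypt(cost 12): %.6fs\n", $md5, $bc);
```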
