Forum FAQForum FAQSearchSearch MemberlistMemberlist Forum ignore listForum ignore list RegisterRegister ProfileProfile Log in to check your private messagesLog in to check your private messages Log inLog in
Kolko je bitna enkripcija passworda?

 
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    mi3dot.org Forum Index -> Server-side
View previous topic :: View next topic  
Author Message
Chaby



Joined: 19 Oct 2003
Posts: 132
Location: VG/ Kurilovec

PostPosted: 22.04.2008 13:31    Post subject: Kolko je bitna enkripcija passworda? Add user to your forum ignore list Reply with quote

Ne znam ni kak da pitam... Uglavnom do sad nisam nikad koristio enkripciju passworda za obične njuz skripte i slično. Ali sad radim neki ala portal, pa me zanima kaj mislite kolko je bitno da su passworid kriptirani? Surprised
Back to top
View user's profile Send private message
sinke



Joined: 02 Oct 2005
Posts: 257
Location: Zagreb

PostPosted: 22.04.2008 21:48    Post subject: Add user to your forum ignore list Reply with quote

Kriptiran ili heširan? Misliš kad se šalje ili kako je upisan u bazetinu?

Password nigdje ne bi smio biti zapisan kao takav. Uglavnom se pišu heševi. Pa se heš iz baze (ili gdje ga već držiš) uspoređuje sa hešom onog što je korisnik upisao kod logiranja.

Pitaj gugl za više i detaljnije...

_________________
THE SHTANZIG | Web Do's & Don'ts
Back to top
View user's profile Send private message Visit poster's website Twitter profile
Chaby



Joined: 19 Oct 2003
Posts: 132
Location: VG/ Kurilovec

PostPosted: 22.04.2008 23:02    Post subject: Add user to your forum ignore list Reply with quote

Mislim heš na bazu. Ne znam kolko je bitno da na neki mali display site, bude heširan. Pošto se jedna, možda dve osobe spajaju na tu bazu. Nije to nekaj prekomplicirano, ima hrpa md5 funkcija, ali si mislim... :S
Back to top
View user's profile Send private message
zytzagoo
mi3.crew


Joined: 25 Aug 2003
Posts: 1842
Location: Zagreb, Hrvatska

PostPosted: 23.04.2008 04:48    Post subject: Add user to your forum ignore list Reply with quote

Bitna je. Po mogućnosti hash + salt. Tako da dva ista passworda nemaju isti hash. Plain text
pass u bazi će te prije ili poslije ugrist za dupe... I hashani isto, al ćeš naučit nešto novo i
biti bolji programer or smtn Smile

_________________
[+]I[+]am[+]my[+]own[+]religion[+]
Back to top
View user's profile Send private message Visit poster's website Twitter profile
strija



Joined: 14 Sep 2003
Posts: 473
Location: Čakovec

PostPosted: 23.04.2008 15:21    Post subject: Add user to your forum ignore list Reply with quote

Kako bi to 2 ista passworda imala razliciti hash? Mozes malo pojasniti ako nije problem?
Ja recimo imam nesto ovako md5(md5($password) . $salt) ali tako je hash uvijek isti.

_________________
We can exist in ambiguity, but it means the deepest loneliness. | creolab.hr | thefarewellreason.com
Back to top
View user's profile Send private message Visit poster's website
zytzagoo
mi3.crew


Joined: 25 Aug 2003
Posts: 1842
Location: Zagreb, Hrvatska

PostPosted: 23.04.2008 16:24    Post subject: Add user to your forum ignore list Reply with quote

strija wrote:
Kako bi to 2 ista passworda imala razliciti hash? Mozes malo pojasniti ako nije problem?
Ja recimo imam nesto ovako md5(md5($password) . $salt) ali tako je hash uvijek isti.

U ovom konkretnom slucaju svaki user moze recimo imati svoj (pseudo) random $salt,
i onda 2 hasha istog passworda nisu ista.

_________________
[+]I[+]am[+]my[+]own[+]religion[+]
Back to top
View user's profile Send private message Visit poster's website Twitter profile
strija



Joined: 14 Sep 2003
Posts: 473
Location: Čakovec

PostPosted: 24.04.2008 09:54    Post subject: Add user to your forum ignore list Reply with quote

I taj random $salt se onda sprema za svakog usera u bazu?

_________________
We can exist in ambiguity, but it means the deepest loneliness. | creolab.hr | thefarewellreason.com
Back to top
View user's profile Send private message Visit poster's website
zytzagoo
mi3.crew


Joined: 25 Aug 2003
Posts: 1842
Location: Zagreb, Hrvatska

PostPosted: 24.04.2008 11:10    Post subject: Add user to your forum ignore list Reply with quote

strija wrote:
I taj random $salt se onda sprema za svakog usera u bazu?

Moze, ali i ne mora... Moze ti posluziti i nesto sto imas u svojoj aplikaciji, a tesko je pogoditi
izvana, ili da ni user sam ne vidi nikad "to nesto". vidi recimo http://blog.punbb.org/2007/02/21/hashing-passwords/
(i neke komentare)

_________________
[+]I[+]am[+]my[+]own[+]religion[+]
Back to top
View user's profile Send private message Visit poster's website Twitter profile
Eric



Joined: 27 Jun 2005
Posts: 248
Location: Rijeka on rails

PostPosted: 24.04.2008 13:43    Post subject: Add user to your forum ignore list Reply with quote

strija wrote:
I taj random $salt se onda sprema za svakog usera u bazu?

najcesce da Smile

_________________
I WRITE BEAUTIFULL CODE, NO MORE, NO LESS.
http://del.icio.us/jardas
Back to top
View user's profile Send private message Send e-mail Visit poster's website
Display posts from previous:   
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    mi3dot.org Forum Index -> Server-side All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group