Yes Richard, that's very good advice. I think the article highlights 2 issues significant to us as devs:

1) Enforcing stronger password validation
2) Password encryption

md5 and sha1 are out of date; they once were good practice. A lot of people still think they are good practice (up to a few months ago I was one of them). This is probably due to thousands of articles showing it being used for password implementation. This is why I belong to a group like this one, to confer with others on good practice. (Let's not give PHP a bad name with bad coding.)

The sad thing is all my projects still use md5 at the moment while I spend time reading all the encryption articles to determine what to use, and hopefully not be doing the same thing in the future when that method gets broken. Applied Cryptography by Bruce Schneier from end to end ... too long a process I think.

I guess what I'm asking is what function CAN I use to make the nasties go away. I was thinking crypt, but there are some mistakes that can be made to make it easier to crack.
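
One way to move off md5 without resetting every account, as an added example that is not part of the original post: PHP's built-in `password_hash()` and `password_verify()` (PHP 5.5+; the type declarations below need PHP 7) generate the salt and encode the algorithm and cost in the hash string, and legacy md5 records are rehashed at the next successful login. The `$users` array, the account name and the password are constructed for illustration.

```php
<?php
// Added example, not from the original post. The in-memory $users array and
// the sample password are constructed; a real application would use its database.

// Legacy record as the post describes: an unsalted md5 hex digest.
$users = ['alice' => ['hash' => md5('correct horse battery staple')]];

function is_legacy_md5(string $hash): bool
{
    // md5() output is exactly 32 hex characters; password_hash() output starts with '$'.
    return strlen($hash) === 32 && ctype_xdigit($hash);
}

function login(array &$users, string $name, string $password): bool
{
    if (!isset($users[$name])) {
        return false;
    }
    $stored = $users[$name]['hash'];

    if (is_legacy_md5($stored)) {
        // hash_equals() compares in constant time.
        $ok = hash_equals($stored, md5($password));
    } else {
        // password_verify() reads algorithm, cost and salt from the stored string.
        $ok = password_verify($password, $stored);
    }
    if (!$ok) {
        return false;
    }
    // The plaintext is only available at login, so upgrade the stored hash here.
    if (is_legacy_md5($stored) || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $users[$name]['hash'] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

var_dump(login($users, 'alice', 'correct horse battery staple')); // legacy md5 path, then rehash
var_dump(is_legacy_md5($users['alice']['hash']));                  // check the stored format
var_dump(login($users, 'alice', 'correct horse battery staple')); // password_verify path
var_dump(login($users, 'alice', 'wrong'));                        // rejected attempt
```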
