stackoom
  简体   繁体   中英

Security on hashing passwords with CryptoJS and then use php password_hash()

 原文  2015-01-12 11:35:05       javascript/ php/ security/ hash/ cryptojs

Question

So I got my own little project that I work on and I have a login for my friends to login and post news and update another thing. This site will never hold any personal information, it's just for my own education.

So my question is: Do I need to create a self signed certificate and add that to my Web Host, or pay money for that or can I just use CryptoJS to create a hash and then when it's on server side use php's password_hash() before saving it in the database?

1 answers

solution1
 1 ACCPTED  2015-01-13 10:35:00

You are talking about two different things. First is SSL and encryption of network second is password hashing in db. To be secure you should use both SSL and password hashing. If you do not want to pay for signed certificate you can create own cert not signed by CA and give it to your friends (in secure manner) they should include it in browser or they should check certificate fingerprint each time they connect to site. Any one who do not have this cert or its fingerprint will not know it there is MITM and browser will complain about it.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Password_hash() need of pre-hashing before submit? Php's password_hash encoding for HTTP basic authentication Is binary hashing possible with CryptoJS? protocol to use password hashing with salt How to get CryptoJS result as hash_hmac PHP (SHA1) Bcrypt not that secure at hashing passwords? password hashing for login solution with PHP and javaScript VueJS hash files with CryptoJS Am I hashing passwords correctly? What is the point of hashing passwords in the database?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM