[OWASP_PHPSEC] For the love of bcrypt

Abbas Naderi abiusx at owasp.org
Tue Sep 17 21:22:23 UTC 2013


If you do, yet. But it is not based on the password you STORE on your system, but the password that a user submits when they are trying to login :D

______________________________________________________________
Notice: This message is digitally signed, its source and integrity are verifiable.
If your mail client does not support S/MIME verification, it will display a file (smime.p7s), which includes the X.509 certificate and the signature body. Read more at Certified E-Mail with Comodo and Thunderbird in AbiusX.com

On Sep 17, 2013, at 3:38 PM, rahul chaudhary <rahul300chaudhary400 at gmail.com> wrote:

> But as suggested in the comments....if you will check for lengths of password in the server side also, then it can be thwarted. So, is this really a problem...if yes, how ??
> 
> 
> On Mon, Sep 16, 2013 at 7:04 PM, Abbas Naderi <abiusx at owasp.org> wrote:
> http://arstechnica.com/security/2013/09/long-passwords-are-good-but-too-much-length-can-be-bad-for-security/
> 
> -- 
> Regards,
> Rahul Chaudhary
> Ph - 412-519-9634
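
The point made in the reply at the top of this thread, as an added example that is not part of the original messages or the project's code: the length cap is applied to the password submitted at login, before the hash function runs. The function name `check_login`, the 72-byte cap and the sample values are assumptions.

```php
<?php
declare(strict_types=1);

// Assumed cap for this sketch. PHP's PASSWORD_BCRYPT ignores input past 72 bytes.
const MAX_PASSWORD_BYTES = 72;

/**
 * Hypothetical login check. The length test runs on the SUBMITTED password,
 * before any hashing work is done. The stored hash has a fixed length and
 * says nothing about how large the incoming request value is.
 * $hashCalls counts how often the expensive hash was actually invoked.
 */
function check_login(string $submitted, string $storedHash, int &$hashCalls): bool
{
    // strlen() counts bytes, which is what the hash function consumes.
    if ($submitted === '' || strlen($submitted) > MAX_PASSWORD_BYTES) {
        return false; // rejected without invoking the hash
    }
    $hashCalls++;
    return password_verify($submitted, $storedHash);
}

// Constructed sample data.
$stored = password_hash('correct horse battery staple', PASSWORD_BCRYPT, ['cost' => 10]);
$calls  = 0;

$ok       = check_login('correct horse battery staple', $stored, $calls);
$wrong    = check_login('wrong guess', $stored, $calls);
$oversize = check_login(str_repeat('A', 1000000), $stored, $calls);

var_dump($ok, $wrong, $oversize);
printf("stored hash length: %d bytes, hash invocations: %d\n", strlen($stored), $calls);
```

The same cap belongs on the registration and password-change paths, so that no account ends up with a password the login check would later refuse.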
