Comments
This talk was extremely useful, Anthony showed us the different types of encrypting passwords and how easy it can be to brute force them. The numbers were real eye-openers and PHP 5.5 will have some awesome features to create ways of securing passwords. I'm looking forward to seeing the full talk, it's the kind of hardcore stuff we developers love to work with.
Loved this talk. I was shocked at just how quickly passwords can be brute forced and grateful for instructions on how not to get caught out!
Been following the development of this API for a while, and was nice to see it presented in context by the author.
Really helpful and relevant examples that really drove home the point. Looking forward to evangelising this more come 5.5
Perhaps focused a bit too much on the speed with which different password hashes could be brute-force attacked on different platforms, though it served as a good precursor to the recommendation to use the new password hashing functions recently added to the PHP core... however, I'd have liked to see a bit more about how the new functions work internally.
How we convince a million existing developers to upgrade and start using the new functions rather than their naive use of an unsalted md5 hash is an exercise for the future.
A great introduction on the best practices for passwords and a sneak peek of PHP 5.5 functionality.
Speaker had good pace and handled questions well.
A very useful talk. I was surprised at how weak md5+salt was. Also thanks for recording and uploading the video - now that I've spammed the link to my colleagues they have no excuse not to use bcrypt :D
As it's not been mentioned already, here is the video http://www.youtube.com/watch?v=eNdW5HWBhG0