phpass

Is the salt contained in a phpass hash or do you need to salt its input?

phpass is a widely used hashing 'framework'. Is it good practice to salt the plain password before giving it to PasswordHash (v0.2), like so?: $dynamicSalt = $record['salt']; $staticSalt = 'i5ininsfj5lt4hbfduk54fjbhoxc80sdf'; $plainPassword = $_POST['password']; $password = $plainPassword . $dynamicSalt . $staticSalt; $passwo...

How can * be a safe hashed password?

phpass is a widely used hashing 'framework'. While evaluating phpass' HashPassword I came across this odd method fragment. function HashPassword($password) { // <snip> trying to generate a hash… # Returning '*' on error is safe here, but would _not_ be safe # in a crypt(3)-like function used _both_ for gen...

[php] phpass autologin?

Hello! How are you supposed to create an autologin feature on your webpage using phpass as encryption of the passwords? I mean, the way it checks the password is by giving the CheckPassword method the password in clear-text and a hashed string of that password (a previously stored hash that is). Then it returns true/false whether it's cor...