phpass is a widely used hashing 'framework'.
Is it good practice to salt the plain password before giving it to PasswordHash (v0.2), like so?
$dynamicSalt = $record['salt'];
$staticSalt = 'i5ininsfj5lt4hbfduk54fjbhoxc80sdf';
$plainPassword = $_POST['password'];
$password = $plainPassword . $dynamicSalt . $staticSalt;
$passwo...
phpass is a widely used hashing 'framework'. While evaluating phpass' HashPassword I came across this odd method fragment.
function HashPassword($password)
{
// <snip> trying to generate a hash…
# Returning '*' on error is safe here, but would _not_ be safe
# in a crypt(3)-like function used _both_ for gen...
Hello!
How are you supposed to create an autologin feature on your webpage using phpass as encryption of the passwords?
I mean, the way it checks the password is by giving the CheckPassword method the password in clear-text and a hashed string of that password (a previously stored hash, that is). Then it returns true/false whether it's cor...