This guide explains why MD5 with salt is insecure, introduces stronger hashing algorithms like bcrypt and Argon2, and provides practical PHP examples using password_hash and password_verify to safely store and verify user passwords with built‑in salts and configurable cost factors.
MaxKey is an enterprise‑grade single sign‑on solution that supports OAuth 2.x, OpenID Connect, SAML 2.0, JWT, CAS and SCIM, offering secure identity management, RBAC, multi‑tenant capabilities, robust password policies, brute‑force protection, session control, and BCrypt‑based password encryption.
The article explains why MD5 and simple salted hashes are insecure for password storage, distinguishes between cryptographic and non‑cryptographic hash functions, introduces slow key‑derivation algorithms such as Bcrypt, Scrypt and Argon2, and recommends using strong KDFs with unique salts in modern applications.
This guide demonstrates how to build a Spring Cloud Gateway for microservices, covering system setup, CORS handling, rate‑limiting with the token‑bucket algorithm, password hashing with BCrypt, and secure JWT‑based authentication, complete with Maven dependencies, configuration files, and filter implementations.
The PHP password_verify() function suffers a validation error vulnerability in certain versions where a "$" character in the BCrypt salt triggers a buffer over‑read, allowing any password to be accepted as valid and potentially enabling password‑less logins.
This article provides a step‑by‑step guide to building a Spring Cloud Gateway for microservices, covering system setup, request routing, cross‑origin handling, token‑bucket rate limiting, password hashing with BCrypt, an overview of symmetric and asymmetric encryption, and JWT‑based authentication with code examples and configuration details.
This article explains the differences between hashing and encryption, demonstrates Java's built‑in hash implementations, discusses the insecurity of MD5 and rainbow‑table attacks, and provides a detailed guide on using BCrypt with Spring Security, including code examples and the PasswordEncoder interface.
This article explains why password security is critical, describes symmetric and asymmetric encryption methods, details how HTTPS and RSA protect data in transit, and outlines best practices for securely storing passwords using hashing, salting, BCrypt, and PBKDF2.
This article explains why transmitting passwords over plain HTTP is unsafe, introduces HTTPS and its TLS encryption process, compares symmetric and asymmetric encryption methods, and recommends secure password storage techniques such as salted hashing and BCrypt to protect against rainbow‑table and brute‑force attacks.
This guide explains how to use Laravel's Hash facade to securely hash passwords with Bcrypt or Argon2, configure hashing drivers, adjust algorithm parameters, and verify or rehash passwords using methods such as make, check, and needsRehash.
This article explains how passwords should be encrypted during transmission using symmetric and asymmetric methods such as RSA, why HTTPS is essential, how services like GitHub and Baidu handle login security, and best practices for securely storing passwords with hashing, salting, and strong algorithms like BCrypt and PBKDF2.
This article examines common password‑storage techniques, explains why plain‑text, symmetric encryption, and simple hashes are insecure, and demonstrates how modern algorithms like PBKDF2, bcrypt, and scrypt, together with proper salting and iteration, can effectively protect user credentials against large‑scale cracking attacks.
This article explains common user password storage methods, compares their security characteristics, and details various cracking approaches—including hash collisions, rainbow tables, and advanced algorithms like PBKDF2, bcrypt, and scrypt—while emphasizing the importance of strong encryption to mitigate data breach risks.
The article explains that general‑purpose hash functions like MD5 and SHA families are fast and vulnerable to brute‑force attacks, while bcrypt’s deliberately slow, work‑factor‑adjustable design makes it a far more secure choice for storing passwords.
This article examines common pitfalls in password storage—from storing plaintext or reversible encryption to basic hashing, salted hashing, and advanced key‑derivation functions—explaining why each approach can be vulnerable and recommending robust methods like PBKDF2, bcrypt, and scrypt.
