Hello,
I am working on a login script for a personal site. The problem is though, I need to have the best and most secure protection there is for the login system I am creating (I will not go into specifics but the users will have access to very sensitive data). The users will each have a password and username. I need a way that is possible with all PHP installations (I am planning on using this script on other hosts for other sites and need something that can be easily installed without the need for any special functions not included in a normal PHP installation) to secure user passwords in the most secure way possible. I have other methods of security, but they are not for password encryption and more for validation of users. Currently now, I am just using md5() to encrypt the passwords. Could someone (that has a great deal of security experience) point me in the right direction for a very secure system. Any links to articles, code samples, or explanations will be greatly appreciated!!!
Thanks So Much Guys (And Girls)
FlashCreations
http://en.wikipedia.org/wiki/MD5
MD5 isn't really that safe anymore.
> I will not go into specifics but the users will have access to very sensitive data
Like banking or medical details?
Many countries have legal requirements for compliance (and such like).
> I need to have the best and most secure protection there is for the login system I am creating
That kind of 'best' comes with high price tags.
It's not something you're likely to be able to lash together yourself with a few bits of help from an online forum.
Exactly. All I'm looking for is the best that can be done with PHP.
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.