Implemented Bcrypt to Hash Stored Passwords

If it's worth doing, it's worth over doing.

Categories: Archived, WordPress

I made a large improvement to the way we hash our user passwords on Tentacle CMS.

Originally Tentacle was using the default method of hashing passwords used in Dingo, This was a SHA1 hash. Still decent but not really up to newer standards.

When a login is processed the username and password are submitted and the password is hashed.

password turns into something like 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 and is actually stored in the database this way.

It is then possible to use brute force to gain access to a site.

The advantage of using Bcrypt and specifically phpass is that the passwords are all salted and the salt is random. That means that any hash of password will never be the same.

This method is commonly used in WordPress, Modules for Drupal, and Typo3.

Read how to create a PHP User Login with Sessions.

Adam Patterson

Adam Patterson

User Interface Designer & Developer with a background in UX. I have spent 5 years as a professionally certified bicycle mechanic and ride year-round.

I am a husband and father of two, I enjoy photography, music, movies, coffee, and good food.

You can find me on Twitter, Instagram, and YouTube!