Category Archives: Symbology and Cryptology

How not to save user passwords

On March 21, 2019, Facebook announced that it had exposed hundreds of millions of their users’ passwords. A bug in its password management systems caused passwords for Facebook, Facebook Lite, and Instagram to be stored as plaintext in an internal platform. As a result, thousands of Facebook employees could have potentially seen them. Krebs reports… Read More »

Why does PHP’s password_hash() output change each time the same password is hashed?

Nota bene: the hash() algorithm in this article has been slightly altered so that the code below doesn’t work. This is intentional: this code should not be used for secure hashing as it is merely a demonstration of why the same password can generate a different hash. The hash for a password should change each… Read More »