{"id":657,"date":"2011-08-08T19:53:00","date_gmt":"2011-08-08T17:53:00","guid":{"rendered":"http:\/\/blog.kodono.info\/wordpress\/?p=657"},"modified":"2011-09-15T09:23:17","modified_gmt":"2011-09-15T07:23:17","slug":"stocker-un-mot-de-passe-en-php-grace-a-bcrypt-securite","status":"publish","type":"post","link":"https:\/\/blog.kodono.info\/wordpress\/2011\/08\/08\/stocker-un-mot-de-passe-en-php-grace-a-bcrypt-securite\/","title":{"rendered":"Storing a password in PHP with bcrypt [security]"},"content":{"rendered":"<p>[level: intermediate]<\/p>\n<p>Storing passwords properly has been shown to be hard: a plain hash function (MD5, SHA-1, etc.) is not good enough, even with a <em>salt<\/em>, because those functions are fast by design and an attacker who obtains the database can test billions of candidate passwords per second. Several articles therefore conclude that the best method remains <code>bcrypt<\/code>, whose adjustable cost factor makes every guess deliberately slow, as explained in <a href=\"http:\/\/codahale.com\/how-to-safely-store-a-password\/\">How to safely store a password<\/a>.<\/p>\n<p>Using <code>bcrypt<\/code> is fairly simple:<br \/>\n1) Download <a href=\"http:\/\/www.openwall.com\/phpass\/\">phpass<\/a> (a .tgz archive containing the file <strong>PasswordHash.php<\/strong>);<br \/>\n2) Include <em>PasswordHash.php<\/em> in your page:<\/p>\n<pre class=\"brush:php\">&lt;?php require('includes\/PasswordHash.php'); ?><\/pre>\n<p>3) You can now use the PasswordHash object like this:<\/p>\n<pre class=\"brush:php\">&lt;?php\r\n$password = $_POST[\"password\"];\r\n\/\/ 8 is the base-2 logarithm of the bcrypt iteration count (2^8 rounds); raise it as your hardware allows.\r\n\/\/ FALSE disables phpass&#8217;s \"portable\" MD5-based hashes, so crypt()&#8217;s bcrypt is used instead.\r\n$hasher = new PasswordHash(8, FALSE);\r\n$hash = $hasher->HashPassword($password);\r\n\/\/ Store $hash (60 characters, starting with $2a$) in the database, never the password itself.\r\n?><\/pre>\n<p>And to check a password, use this small piece of code:<\/p>\n<pre class=\"brush:php\">&lt;?php \/\/ password check\r\n$password = $_POST[\"password\"];\r\n$stored_hash = \"hash loaded from the database\"; \/* the hash stored earlier *\/\r\n\/\/ The cost and salt are read from the stored hash itself, so the constructor argument does not matter here.\r\n$hasher = new PasswordHash(8, FALSE);\r\n$check = $hasher->CheckPassword($password, $stored_hash);\r\n\r\nif ($check) {\r\n echo \"Password correct!\";\r\n}\r\nelse {\r\n echo \"Password incorrect...\";\r\n}\r\n?><\/pre>\n<p>Note that if you want your hashes to be compatible with equivalent implementations (such as <a href=\"http:\/\/www.mindrot.org\/projects\/jBCrypt\/\">BCrypt for Java<\/a>), you must make sure that <code>crypt()<\/code> on your machine really supports bcrypt, i.e. that CRYPT_BLOWFISH is available (check with <code>&lt;?php echo CRYPT_BLOWFISH; ?&gt;<\/code>, which prints 1 when it is and 0 otherwise). Without it, phpass with portable hashes disabled silently falls back to a weaker scheme (extended DES, or its own <code>$P$<\/code> portable hashes) that other bcrypt libraries cannot verify, so it is worth checking that every hash you store really starts with <code>$2a$<\/code>. Note also that PHP 5.3.7 added the <code>$2y$<\/code> prefix after a bug in the handling of non-ASCII characters in <code>$2a$<\/code> hashes; both prefixes denote bcrypt, but the other implementation must recognise the prefix you store for verification to succeed.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[level: intermediate] Storing passwords properly has been shown to be hard: a plain hash function (MD5, SHA-1, etc.) is not good enough, even with a salt. Several articles therefore conclude that the best method remains bcrypt, as explained in [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","hide_page_title":"","footnotes":""},"categories":[13,33,9],"tags":[152,25,158,149],"class_list":["post-657","post","type-post","status-publish","format-standard","hentry","category-niveau-intermediaire","category-programmation","category-securite","tag-niveau-intermediaire","tag-php","tag-programmation","tag-securite"],"_links":{"self":[{"href":"https:\/\/blog.kodono.info\/wordpress\/wp-json\/wp\/v2\/posts\/657","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.kodono.info\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.kodono.info\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.kodono.info\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.kodono.info\/wordpress\/wp-json\/wp\/v2\/comments?post=657"}],"version-history":[{"count":14,"href":"https:\/\/blog.kodono.info\/wordpress\/wp-json\/wp\/v2\/posts\/657\/revisions"}],"predecessor-version":[{"id":721,"href":"https:\/\/blog.kodono.info\/wordpress\/wp-json\/wp\/v2\/posts\/657\/revisions\/721"}],"wp:attachment":[{"href":"https:\/\/blog.kodono.info\/wordpress\/wp-json\/wp\/v2\/media?parent=657"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.kodono.info\/wordpress\/wp-json\/wp\/v2\/categories?post=657"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.kodono.info\/wordpress\/wp-json\/wp\/v2\/tags?post=657"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
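The three steps of the post (include phpass, hash at registration, check at login) combined with the CRYPT_BLOWFISH check from the closing note, as an added example that is not part of the original post or of phpass itself. It assumes PasswordHash.php sits in includes/ as in the post; the function names, the BCRYPT_COST_LOG2 constant and the sample password are my own choices.

```php
<?php
// Added example, not from the original post or from phpass. It assumes the
// phpass archive has been unpacked so that PasswordHash.php is in includes/.
require 'includes/PasswordHash.php';

// Base-2 logarithm of the bcrypt iteration count (the post uses 8). Raise it
// until one hash takes a noticeable fraction of a second on your own hardware;
// the value is recorded inside each hash, so older hashes keep verifying.
const BCRYPT_COST_LOG2 = 10;

// Refuse to run unless crypt() really offers bcrypt. With portable hashes
// disabled, phpass otherwise falls back silently to extended DES or to its
// own MD5-based "$P$" scheme, which other bcrypt libraries cannot verify.
function assert_bcrypt_available()
{
    if (!defined('CRYPT_BLOWFISH') || CRYPT_BLOWFISH != 1) {
        throw new RuntimeException('crypt() has no bcrypt support on this host');
    }
}

// Returns a 60-character bcrypt hash suitable for storing in the database.
function hash_password($password)
{
    assert_bcrypt_available();
    $hasher = new PasswordHash(BCRYPT_COST_LOG2, false);
    $hash = $hasher->HashPassword($password);
    // phpass returns '*' when hashing failed, and a fallback scheme would give
    // a shorter hash with a different prefix; never let either reach storage.
    if (strlen($hash) !== 60 || !preg_match('/^\$2[ay]\$/', $hash)) {
        throw new RuntimeException('bcrypt hashing failed');
    }
    return $hash;
}

// The cost and salt are read from the stored hash, so the constructor
// argument plays no role during verification.
function verify_password($password, $stored_hash)
{
    $hasher = new PasswordHash(BCRYPT_COST_LOG2, false);
    return $hasher->CheckPassword($password, $stored_hash);
}

// Constructed sample usage; in a real page the password comes from
// $_POST["password"] and the stored hash from a database lookup.
$hash = hash_password('correct horse battery staple');
echo substr($hash, 0, 7), PHP_EOL;                                 // prefix and cost of the new hash
var_dump(verify_password('correct horse battery staple', $hash)); // the right password
var_dump(verify_password('Correct horse battery staple', $hash)); // a near miss: case matters
```

Two caveats worth keeping in mind: bcrypt only looks at the first 72 bytes of the password, so very long passphrases are silently truncated; and since PHP 5.5 the built-in `password_hash()` and `password_verify()` functions (with `PASSWORD_BCRYPT`) do the same job as phpass, emit `$2y$` hashes, and are the natural replacement for new code.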