06.06.2016, 16:48
Besides the whole question, here is another quick note:
Just using Whirlpool once to hash a password without any kind of salt is not safe, at all. If your database gets breached, it won't take that long before someone has all bank passwords in plain text format. The easiest thing to change is to give every password a custom salt, which is added to the end of the password and then given to the WP_Hash function. This gives a bit of extra security, since rainbow tables become less useful. Second, use a function which is meant to be slow, like, for example, bcrypt. Googling "SAMP Bcrypt" should show up an include to use bcrypt. This is by far much safer than WP_Hash, because you can set it to be slower. This means that if your database is breached, and it already took your server 0.25 seconds to hash a password, an attacker needs a lot more time to get all the passwords.
TL;DR: 1. Hashing just passwords without a salt is unsafe. 2. Whirlpool is a relatively fast hashing mechanism which can't be set to be slower. A lot of others and I recommend Bcrypt to solve this issue.
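The two points of the post above, as an added example that is not part of the original post: unsalted hashes of the same password match and fall to one lookup table, a per-user salt breaks that, and a tunable-cost function makes every guess expensive. Assumptions: Python with only the standard library, SHA-512 standing in for Whirlpool/WP_Hash and PBKDF2-HMAC-SHA512 standing in for bcrypt (neither is in the standard library); the account names and passwords are constructed sample data.

```python
import hashlib, hmac, os, time

def fast_unsalted(password):
    # Stand-in for one WP_Hash call: a single fast 512-bit hash, no salt.
    return hashlib.sha512(password.encode()).hexdigest()

def fast_salted(password, salt):
    # The post's first fix: per-user salt appended to the password, hashed once.
    return hashlib.sha512(password.encode() + salt).hexdigest()

def slow_hash(password, salt, iterations):
    # Stand-in for bcrypt: PBKDF2 also has a cost setting (the iteration count).
    return hashlib.pbkdf2_hmac("sha512", password.encode(), salt, iterations).hex()

def verify_slow(password, salt, iterations, stored):
    # Constant-time comparison of the recomputed hash with the stored one.
    return hmac.compare_digest(slow_hash(password, salt, iterations), stored)

def seconds_per_hash(fn, rounds):
    start = time.perf_counter()
    for _ in range(rounds):
        fn()
    return (time.perf_counter() - start) / rounds

def demo(iterations=100_000):
    # Constructed sample accounts; two players picked the same password.
    accounts = {"PlayerA": "hunter2", "PlayerB": "hunter2", "PlayerC": "tr0ub4dor"}
    salts = {name: os.urandom(16) for name in accounts}
    unsalted = {n: fast_unsalted(p) for n, p in accounts.items()}
    salted = {n: fast_salted(p, salts[n]) for n, p in accounts.items()}
    # A table of unsalted hashes of common passwords, computed once, reused forever.
    table = {fast_unsalted(w): w for w in ("123456", "hunter2", "password")}
    hit_unsalted = sorted(n for n, h in unsalted.items() if h in table)
    hit_salted = sorted(n for n, h in salted.items() if h in table)
    fast = seconds_per_hash(lambda: fast_unsalted("guess"), 2000)
    slow = seconds_per_hash(lambda: slow_hash("guess", salts["PlayerA"], iterations), 3)
    return {
        "same_unsalted_hash": unsalted["PlayerA"] == unsalted["PlayerB"],
        "same_salted_hash": salted["PlayerA"] == salted["PlayerB"],
        "table_hits_unsalted": hit_unsalted,
        "table_hits_salted": hit_salted,
        "slowdown": slow / fast,  # how much more each guess costs with the slow hash
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

When storing the slow hash, keep the salt and the cost setting next to it so the cost can be raised later without invalidating existing accounts.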