In my spare time, I like to tinker with code to familiarize myself with it. This is helpful should I want to incorporate it into web apps and/or sites I am building later. It definitely beats stumbling through the dark trying to feel my way through an API or function I have never dealt with.
This brings me to my point, security. I have played with md5, PHPass, and a little bit with Blowfish. I know that most, if not all, cipher encryption can be broken with brute force attacks. I mean, even a broken clock is right twice a day. So the chances of you getting the password guessed, given enough chances, is bound to pass. That’s why attempt have been put into place.
My question is, is there a better way of safeguarding your website and the data therein? I want to create something that doesn’t hassle the user, like a login and follow up with email confirmation. It should be smooth, seamless, and easy for the end-user to use. Otherwise, you lose visitors/clients/etc all due to overdoing it on your security.
Since I have yet to find this “perfect solution”, I guess my only choice is to go back to the drawing board. Looks like I will be tinkering at it for some time. That’s not necessarily a bad thing, though, “Idle hands are the Devil’s workshop” after all.Tags: blowfish, brute force, cipher, md5, php, phpass, privacy, security