• 𝒍𝒆𝒎𝒂𝒏𝒏
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago

      Yikes, that is embarassing.

      Is opencart written in PHP? Bcrypt has been a thing for decades now, and is literally a drop in replacement that handles salting et al. If the developer was hesitant to implement that, I’d rather go use Magento or shudder Shopify

      • Zikeji@programming.dev
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        One of the first things I did when I took over an old php project was convert to bcrypt and add logic to automatically upgrade the hash on their next login (and in case you’re wondering, we also removed the old insurance hashes and the upgrade logic after a while, forcing remaining users to do a password reset).