do you hash your users passwords?
Yep. pbkdf2 with a random number of cycles plus per user salt so it's impossible to be rainbow tabled.
It's a random range for the cycles so everyone will get a high number. The point is that someone can't just say, oh, 100,000 cycles. I have a rainbow table for just that. The salt should also take care of it but who knows, some attack in the future might reduce it's value if the salt is known.
Edit: Just looked at my code. It's 100,000 cycles plus or minus 256.
Do you log IPs? Neat app btw.
Not on the server itself. Cloudflare is involved, so that might count but I think you've got cloudflare too.
I just check through my code. I'm not logging. I had to make sure. I've been running this vps for years. So no.
(post is archived)