Banshee
the secure PHP framework

Weblog

9 October 2015, 10:59

This new release of Banshee contains a setup module for easy installation and a register module that allows users to create an account themselves. The other big change is the way passwords are stored. In previous releases, they were hashed via SHA1, using the username as salt. In this release, the much stronger PBKDF2 method is used to hash passwords.

The advantage of the previous password storage method was that it allowed the use of a challenge-response technique during login, to encrypt the password upon submit. This allowed a login via a non-encrypted connection without attackers being able to read your password. That was useful for personal hobby websites for which an SSL certificate was too expensive or too much hassle. With the soon-available, easy-to-use and free CA Let's Encrypt, that excuse is no longer valid.
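The storage change described above can be rolled out without forcing password resets by upgrading each legacy record at the user's next successful login. The sketch below is an added example, not Banshee's own code; the record format, the iteration count, the SHA1 concatenation order and all function names are assumptions.

```php
<?php
// Added example, not Banshee's code. Record format, iteration count and the
// legacy concatenation order are assumptions made for illustration.
const ALGO = 'sha256';
const ITERATIONS = 600000;

// Legacy scheme from the post: SHA1 with the username as salt (order assumed).
function legacy_hash(string $username, string $password): string {
    return sha1($password . $username);
}

// New record: pbkdf2$<iterations>$<salt hex>$<key hex>, random per-user salt.
function pbkdf2_hash(string $password): string {
    $salt = random_bytes(16);
    $key = hash_pbkdf2(ALGO, $password, $salt, ITERATIONS, 32, true);
    return implode('$', ['pbkdf2', ITERATIONS, bin2hex($salt), bin2hex($key)]);
}

function pbkdf2_verify(string $password, string $stored): bool {
    $parts = explode('$', $stored);
    if (count($parts) !== 4 || $parts[0] !== 'pbkdf2') return false;
    [, $iter, $salt, $key] = $parts;
    if (!ctype_digit($iter) || (int)$iter < 1) return false;
    if (!ctype_xdigit($salt) || !ctype_xdigit($key)) return false;
    if (strlen($salt) % 2 !== 0 || strlen($key) % 2 !== 0) return false;
    $len = intdiv(strlen($key), 2);
    $calc = hash_pbkdf2(ALGO, $password, hex2bin($salt), (int)$iter, $len, true);
    return hash_equals(hex2bin($key), $calc); // constant-time comparison
}

// Returns [authenticated, record to store]. A legacy SHA1 record is replaced
// by a PBKDF2 record while the plaintext password is available at login.
function check_login(string $username, string $password, string $stored): array {
    if (strpos($stored, 'pbkdf2$') === 0) {
        return [pbkdf2_verify($password, $stored), $stored];
    }
    if (hash_equals($stored, legacy_hash($username, $password))) {
        return [true, pbkdf2_hash($password)];
    }
    return [false, $stored];
}

// Constructed sample account: starts as a legacy record, is upgraded on login.
$row = legacy_hash('alice', 'correct horse');
[$ok, $row] = check_login('alice', 'correct horse', $row);
var_dump($ok, strpos($row, 'pbkdf2$') === 0);
[$rejected] = check_login('alice', 'wrong password', $row);
var_dump($rejected);
```

The upgrade step needs the plaintext password on the server, so the login form has to be submitted over TLS rather than through the old challenge-response exchange.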