I had to build an authentication system just like you described this weekend and there are a lot of things that I have done in the same way.
One thing that is worth noting is that bcrypt is not the most recommended way for salting & hashing passwords anymore. I will not try to get into details because I'm not a security expert, but there are several blogs and questions about this and the consensus today is to use Argon2. I suggest people do some research to reach their own conclusions.
ps: There is a typo on remember in the GenerateRemeberToken function.
Thanks a ton for reading the article thoroughly! I get it, there are many other better and worse alternatives, but for most cases (like a person starting out on their web dev journey) with a decent computer the compression algorithm to generate the hash would be just fine. There are alternatives like scrypt, PBKDF2 and argon2 which are said to be better, but I'd say not every platform I have seen supports scrypt, and argon2 needs a GPU to churn out better results. The idea is to learn what hashing is and how it is different from encryption; then these can be looked into. Thanks for pointing out the typo. I am truly grateful for guiding readers towards more curiosity-driven solutions.