PHP
Natalia, 2018-05-27 22:09:15

What is the best PHP tool to securely store passwords in a database?

What is the best way to store the password in the database?
I followed an example from the internet. But I read that md5

It is not recommended to use this function to ensure the security of storing passwords due to the high speed of this algorithm.

$password = md5($password); // encrypt the password
$password = strrev($password); // add a reverse for security
$password = $password."wwqwq"; // add a salt


3 answer(s)
ThunderCat, 2018-05-27
@ThunderCat

php.net/manual/en/function.password-hash.php

sim3x, 2018-05-27
@sim3x

We read
php.net/manual/en/function.password-hash.php
Then we laugh with

//encrypt the password
//add a reverse for security
//add a salt

Anton Shamanov, 2018-05-27
@SilenceOfWinter

official document:

If the popular hashing functions don't work, then how should I hash my passwords?
There are two important considerations when hashing passwords: computation cost and salt. The higher the computational cost of a hashing algorithm, the longer it takes to crack its output by brute force.
PHP 5.5 provides a built-in password hashing API that works securely with both hashing and password validation. There is also a PHP Compatibility Library available since PHP 5.3.7.
Another possibility is the crypt() function, which supports several hashing algorithms in PHP 5.3 and later. When using this function, you can be sure that the algorithm you choose is available, since PHP contains its own implementation of each supported algorithm, even if some of them are not supported by your system.
When hashing passwords, it is recommended to use the Blowfish algorithm, which is also the default in the Password Hashing API, as it is much more computationally complex than MD5 or SHA1 while still being flexible.
Note that if you are using the crypt() function to verify a password, then you need to guard against timing attacks by using string comparisons that take constant time. Neither the PHP == and === operators nor the strcmp() function do so. The password_verify() function does exactly what it needs to. It is strongly recommended that you use the built-in password hashing API if available.
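
The password API the answers point to, applied to the scheme from the question, as an added example that is not part of the original thread: records made with md5/strrev/suffix are checked once at login and replaced with a password_hash() value. The names legacyHash, verifyAndUpgrade and $store, and the sample passwords, are hypothetical.

```php
<?php
// Added example; legacyHash(), verifyAndUpgrade() and $store are hypothetical names.

// The scheme from the question, kept only so old records can still be checked.
function legacyHash(string $password): string
{
    return strrev(md5($password)) . "wwqwq";
}

// Returns [bool $ok, ?string $newHash]; a non-null $newHash must replace the stored value.
function verifyAndUpgrade(string $password, string $stored): array
{
    // password_get_info() reports algoName 'unknown' for anything password_hash() did not produce.
    if (password_get_info($stored)['algoName'] === 'unknown') {
        // Legacy record: constant-time comparison, then move it to the password API.
        if (!hash_equals($stored, legacyHash($password))) {
            return [false, null];
        }
        return [true, password_hash($password, PASSWORD_DEFAULT)];
    }
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    // The default algorithm or cost may have changed since this hash was created.
    $newHash = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : null;
    return [true, $newHash];
}

// Constructed sample data: one legacy record and one created with password_hash().
$store = [
    'old_user' => legacyHash('correct horse'),
    'new_user' => password_hash('battery staple', PASSWORD_DEFAULT),
];
$attempts = [['old_user', 'correct horse'], ['old_user', 'wrong'], ['new_user', 'battery staple']];

foreach ($attempts as [$user, $attempt]) {
    [$ok, $newHash] = verifyAndUpgrade($attempt, $store[$user]);
    if ($newHash !== null) {
        $store[$user] = $newHash; // persist the upgraded hash in place of the old one
    }
    printf("%s: %s%s\n", $user, $ok ? 'ok' : 'rejected', $newHash !== null ? ' (rehashed)' : '');
}
```

The column that holds the hash should be wide enough for future algorithms; the PHP manual recommends 255 characters when using PASSWORD_DEFAULT.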
