Where can I find competent code for hashing/checking in, say, PHP?
I am reading another article on Habr about hashing (habrahabr.ru/post/211645/), where the authors refute each other but do not provide a solution to pressing problems. Can someone give competent code for hashing/checking in, say, PHP?
You can give .
But it won't completely protect you from brute force. It will just make life harder for the burglar, since hashing will take longer and the database will not have the same hashes for the same passwords. Which will give you time to rec. Let's say patch up the "hole" and reset all passwords.
The bottom line is that the problem of security must be approached comprehensively. And the degree of concentration should depend on the application itself. For example, you can require users to use complex passwords (as, for example, with Apple ID) and ask them to change them once every month or two. Or you can allow passwords as short as 3 characters. Here everything should be determined by the developer based on logic and risks.
And in general it is better not to allow leaks 8).
Filter and escape data. Protect the server. Use prepared statements and you will be happy.
The correct code is in the manual:
and save to the database. Then, when checking:
if (password_verify("rasmuslerdorf", $hash)) echo "OK";
If the version of PHP on the host has not yet reached 5.5, there is an implementation in PHP; just include it, and that's it.
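A fuller version of the hash-then-verify flow both answers describe, as an added example that is not part of either answer or of the PHP manual. The $users array stands in for a database table, and the register()/login() helpers and account names are hypothetical.

```php
<?php
// Added example: the in-memory $users array stands in for a database table
// (constructed for illustration). Requires PHP 7.0+ for the type hints.

$users = [];

function register(array &$users, string $login, string $password): void
{
    // password_hash() generates a random salt itself and embeds the
    // algorithm, cost and salt in the returned string.
    $users[$login] = password_hash($password, PASSWORD_DEFAULT);
}

function login(array &$users, string $login, string $password): bool
{
    // For an unknown login, verify against a dummy hash anyway so that the
    // response time does not reveal which accounts exist.
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash('dummy-password', PASSWORD_DEFAULT);
    }
    $known = isset($users[$login]);
    $hash = $known ? $users[$login] : $dummy;

    if (!password_verify($password, $hash) || !$known) {
        return false;
    }
    // Upgrade the stored hash when PASSWORD_DEFAULT or its cost has changed.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $users[$login] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

register($users, 'alice', 'rasmuslerdorf');
register($users, 'bob', 'rasmuslerdorf');

var_dump($users['alice'] === $users['bob']);          // same password, per-user salt
var_dump(login($users, 'alice', 'rasmuslerdorf'));    // correct password
var_dump(login($users, 'alice', 'wrong'));            // wrong password
var_dump(login($users, 'mallory', 'rasmuslerdorf'));  // unknown login
```

Because PASSWORD_DEFAULT can change between PHP releases, the manual recommends a 255-character column for the stored hash.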