Where can I find competent code for hashing/checking in, say, PHP?

V

Valery Kirichenko2014-02-07 13:44:59

PHP

Valery Kirichenko, 2014-02-07 13:44:59

I am reading another article on Habré about hashing ( habrahabr.ru/post/211645/), where the authors refute each other, but do not provide a solution to pressing problems. Can someone give a competent code for hashing / checking in, say, PHP?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

Y

Yaroslav, 2014-02-07
@frantic

You can give .
But it won't completely protect you from overkill. Just make life harder for the burglar. Since the hash rate will be longer and the database will not have the same hashes for the same passwords. Which will give you time to rec. Let's say patch up the "hole" and reset all passwords.
The bottom line is that the problem of security must be approached comprehensively. And the degree of concentration should depend on the application itself. For example, you can require users to use complex passwords (as, for example, in AppleId), ask them to change them once a month or two. And you can allow to use passwords from 3 characters. Here everything should be determined by the developer based on logic and risks.
And in general it is better not to allow leaks 8).
Filter and screen data. Protect the server. Use prepared statement and you will be happy.

F

FanatPHP, 2014-02-07
@FanatPHP

The correct code is in the manual :
and save to the database. then, when checking

if (password_verify ("rasmuslerdorf", $hash)) echo "OK";

If the version of PHP on the host has not yet grown to 5.5, that is, implementation in PHP, it's stupid to include, and that's it.

E

evnuh, 2014-02-07
@evnuh

CodeIgniter is now actively discussing and developing a new encryption lib, I advise you to read it, smart people, a lot can be cleared up: https://github.com/EllisLab/CodeIgniter/issues/2789