Hashing Passwords Techniques in PHP [duplicate]

by

NONE! You should not be experimenting with the security of your website. Do not use cryptographic methods that are not tested by professionals.

Double hashing is just a waste of time. It’s like trying to build security through obscurity.

It’s not the best, but I’ll post as it’s a built-in function and definitely more secure than md5().

  • To hash initially on register use: password_hash($pass, PASSWORD_DEFAULT, ['cost' => 12]);

Note: Cost is the value upon which depends how much your server will need to match the password when you log in. The higher you set it the more difficult and resource-consuming it becomes for the server to match it.

  • To match later on login use: password_verify($pass, $db_pass);

Clarification: That’s the best and most secure method I know of. If anyone has anything more controversial and secure than password_hash(), please share it.

Code:

// When you store it
password_hash($pass, PASSWORD_DEFAULT, ['cost' => 12]);

// When you check if they match
password_verify($pass, $db_pass);

Reference: @erickson has written a fantastic answer here.

More Related Contents:

  1. How to make array inside in foreach loop – php? [closed]
  2. Please rectify this syntax error echo ” ” Add to cart “”; [closed]
  3. URL Rewriting of a query string in php [duplicate]
  4. How do I expire a PHP session after 30 minutes?
  5. How can I prevent SQL injection with dynamic tablenames?
  6. Form submit with AJAX passing form data to PHP without page refresh [duplicate]
  7. How to avoid echoing character 65279 in php?
  8. “Unknown modifier ‘g’ in…” when using preg_match in PHP?
  9. What type of hash does WordPress use?
  10. Is it possible to redirect post data?
  11. Get absolute path of initially run script
  12. Is it ever ok to store password in plain text in a php variable or php constant?
  13. Downloading attachments to directory with IMAP in PHP, randomly works
  14. Make multiple files to force-download
  15. Array_map function in php with parameter
  16. How to merge two arrays by summing the merged values [duplicate]
  17. Parse a JavaScript file through PHP
  18. How can I use PHP to dynamically publish an ical file to be read by Google Calendar?
  19. How to Merge Two Eloquent Collections?
  20. Upload Images On Twitter Using PHP
  21. CMS Routing in MVC
  22. How to always use ignore-platform-reqs flag when running composer?
  23. Conditional Statements in PHP code Between HTML Code
  24. How do I get the external IP of my server using PHP?
  25. Correct format for strings / numbers beginning with zero?
  26. Update query PHP MySQL [duplicate]
  27. Do I have to use mysql_real_escape_string if I bind parameters?
  28. iOS7 – receipts not validating at sandbox – error 21002 (java.lang.IllegalArgumentException)
  29. passing php string with multiple lines to a javascript function/variable
  30. Determine in php script if connected to internet?

Leave a Comment