I'm reading so much conflicting advice as to how to store passwords securely. All I know for sure is not to use MD5! I've seen people advocate using PHP's bcrypt
First of all, you need to use a good hash function; I suggest SHA-256. You can create a SHA-256 hash like this:
$hash = hash('sha256', $password);
In addition, you could also use salting like this:
$salt = 'salt here';
$hash = hash('sha256', $salt . $password);
Moreover, you can use HMACs, like this:
$secret = 'your secret';
$hmac = hash_hmac('sha256', $password, $secret);
The best way to create solid hashes is through salting and iteration. You should loop the above functions until hashing takes 200ms.
You could also go ahead and use encryption, but that would be a bit overkill for most situations.
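The salting-and-iteration approach from the answer above, as an added example that is not part of the original post: instead of a hand-rolled loop it uses PHP's built-in `hash_pbkdf2()` (iterated HMAC-SHA256) with a random per-password salt, and doubles the iteration count until one hash takes about 200 ms. The function names, the `iterations$salt$hash` record format and the sample password are assumptions made for this sketch.

```php
<?php
// Added example: salted, iterated password hashing with PHP's built-in PBKDF2.
// Function names and the stored record format are assumptions for this sketch.

const TARGET_SECONDS = 0.2; // the 200 ms target mentioned in the answer

// Double the iteration count until one derivation takes about TARGET_SECONDS.
function calibrateIterations(): int
{
    $iterations = 10000;
    $salt = random_bytes(16);
    while (true) {
        $start = microtime(true);
        hash_pbkdf2('sha256', 'calibration-password', $salt, $iterations, 32, true);
        if (microtime(true) - $start >= TARGET_SECONDS) {
            return $iterations;
        }
        $iterations *= 2;
    }
}

// Returns "iterations$salt$hash"; the salt is random per password, not a fixed string.
function hashPassword(string $password, int $iterations): string
{
    $salt = random_bytes(16);
    $hash = hash_pbkdf2('sha256', $password, $salt, $iterations, 32, true);
    return $iterations . '$' . base64_encode($salt) . '$' . base64_encode($hash);
}

function verifyPassword(string $password, string $record): bool
{
    $parts = explode('$', $record);
    if (count($parts) !== 3 || !ctype_digit($parts[0]) || (int) $parts[0] < 1) {
        return false; // malformed record
    }
    $salt = base64_decode($parts[1], true);
    $expected = base64_decode($parts[2], true);
    if ($salt === false || $expected === false || $expected === '') {
        return false; // salt or hash is not valid base64
    }
    $actual = hash_pbkdf2('sha256', $password, $salt, (int) $parts[0], strlen($expected), true);
    return hash_equals($expected, $actual); // constant-time comparison
}

$iterations = calibrateIterations();
$record = hashPassword('correct horse battery staple', $iterations); // constructed sample
var_dump(verifyPassword('correct horse battery staple', $record));
var_dump(verifyPassword('wrong guess', $record));
```

Storing the iteration count inside each record lets the count be raised later without invalidating hashes created under the old setting.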