问题
I am designing a php website, and I used sha1 to store password for the users, but I later read that sha1 is unsafe, Its better i use Bcrypt, now I try to find about Bcrypt but these questions - How do you use bcrypt for hashing.. and Is Bcrypt used for Hashing is too complex, I dont understand what they explain.
<?php $pass = sha1($_POST["password"]); ?>
but could it be:
<?php $pass = bcrypt($_POST["password"]); ?>
or which is better than both. Thanks
回答1:
If you are using PHP version 5.5+, you may use the method password_hash(), and password_verify();
EXAMPLE:
$hash = password_hash("mypassword", PASSWORD_BCRYPT);
and to verify:
if (password_verify('mypassword', $hash)) {
echo 'Password is valid!';
} else {
echo 'Invalid password.';
}
This is the best and most secured in PHP today since the salt is built-in inside the method.
来源:https://stackoverflow.com/questions/37099640/how-do-i-store-user-password-with-bcrypt