问题
I am creating a web application which stores users passwords. I was wondering what are the best methods / algorithms that a programmer can use to hash passwords?
回答1:
Key strengthening techniques such as bcrypt or PBKDF2 are generally considered better than plain hashes since cracking them requires more resources. The downside of this is that generating and verifying them also requires more resources; your resources.
Regardless of exactly which algorithm you choose, always use a suitable, per-user salt.
回答2:
This is a related article... http://www.h-online.com/security/features/Storing-passwords-in-uncrackable-form-1255576.html
and it mentions this tool...
http://www.openwall.com/phpass/
Maybe it helps you to get some ideas?!
Edit:
PHP 5.5 implements an API for secure password hashing!
For PHP > 5.3.7 there is already a functions-set workaround to implement the API for secure password hashing to your scripts.
来源:https://stackoverflow.com/questions/7029372/password-hashing