Maxo

Reputation: 13

Crypt passwords in the DB

I was looking into best practices for password protection, and everybody is talking about bcrypt and other hashing classes. But I can't get how to verify a password if it contains a unique random salt.

For cookies it's fine, but without them, each time there would be a unique crypted value, so how can I verify a user's password with random values? Oo. Or is bcrypt only for cookies? Then what should I do with the password in the DB?

Please describe to me my mistakes - what I've lost when learning about it.

Upvotes: 1

Views: 314

Answers (2)

John Carter

Reputation: 55271

The bcrypt algorithm creates a random salt that is stored as part of the hash in a standardised way.

See How do you use bcrypt for hashing passwords in PHP? for a working example.

See also:

(edited heavily since my answer was wrong before)

Upvotes: 1

Maerlyn

Reputation: 34107

There will be a group of functions in the next PHP version; for details see the accepted RFC.

Anthony, the author of the RFC and the patch, was kind enough to provide a compatibility library written in PHP so you can start using this new functionality now!

Behind the scenes it uses crypt with the strongest algorithm currently known.

Upvotes: 1
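The point made in both answers (the random salt is stored inside the bcrypt string, and `crypt` does the work underneath), as an added example that is not part of the original answers. It uses PHP's `password_hash()` and `password_verify()` (PHP 5.5 and later); the sample password and the helper names `splitBcrypt` and `verifyWithCrypt` are constructed for illustration.

```php
<?php
// Added example, not code from the answers above.
$password = 'correct horse battery staple'; // constructed sample input

// Each call draws a fresh random salt, so the two stored strings differ
// even though the password is the same.
$hashA = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
$hashB = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);

// A bcrypt string is self-describing:
//   $2y$<cost>$<22-char salt><31-char digest>   (60 characters in total)
// Hypothetical helper: split a stored hash into those fields.
function splitBcrypt(string $hash): array
{
    $re = '#^\$(2[abxy])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$#';
    if (!preg_match($re, $hash, $m)) {
        throw new InvalidArgumentException('not a bcrypt hash');
    }
    return ['variant' => $m[1], 'cost' => (int) $m[2],
            'salt' => $m[3], 'digest' => $m[4]];
}

// Hypothetical helper: verify a login attempt without knowing the salt
// in advance. crypt() reads the variant, cost and salt from the stored
// string, recomputes the digest for the candidate password, and the two
// full strings are compared in constant time.
function verifyWithCrypt(string $candidate, string $stored): bool
{
    splitBcrypt($stored); // reject malformed database values early
    return hash_equals($stored, crypt($candidate, $stored));
}

printf("hashes identical: %s\n", var_export($hashA === $hashB, true));
printf("salt A: %s\nsalt B: %s\n",
    splitBcrypt($hashA)['salt'], splitBcrypt($hashB)['salt']);

foreach ([$hashA, $hashB] as $stored) {
    printf("right password, manual check:    %s\n",
        var_export(verifyWithCrypt($password, $stored), true));
    printf("right password, password_verify: %s\n",
        var_export(password_verify($password, $stored), true));
    printf("wrong password, password_verify: %s\n",
        var_export(password_verify('guess', $stored), true));
}
```

Only the 60-character string needs to be stored in the database column; there is no separate salt column, and application code should call `password_verify()` rather than the manual helper.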
