Steven Johnston

Reputation: 142

good php mysql password hashing

I heard it is bad to store passwords in plain text in a database, so I'm looking for a nice, safe way to store passwords. I have done some research and have a working example.

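// bcrypt work factor
$cost = 10;
// 16 random bytes, base64-encoded, with '+' mapped to '.' for the bcrypt salt alphabet
$salt = strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.');
// prefix with the algorithm marker and two-digit cost, e.g. $2a$10$
$salt = sprintf('$2a$%02d$', $cost) . $salt;
$hash = crypt($password, $salt);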

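$hash is the final string that is saved into the database. To get the hashed password I have:

// $password    = pass (the stored hash) from the DB
// $enteredPass = pass from the login
// crypt() takes the entered password first and the stored hash (which carries salt and cost) second
$hash = crypt($enteredPass, $password);
if ($hash == $password) {
    // pass entered is correct
}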

I'm not looking for the best ever hashing, just something that is good enough to put out on the internet as a small company or something.

Upvotes: 0

Views: 266

Answers (1)

Sven

Reputation: 70853

PHP has a nice password hashing API since version 5.5, and it has been backported to be used with versions starting at 5.3.7.

Have a look at the documentation and the library you can use.

Its superior feature compared to your current solution is that it allows you to upgrade password hashes if you decide to use a better algorithm or improved settings later.

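Example:

// generates a random salt and embeds algorithm, cost and salt in the returned string
$store_this = password_hash("rasmuslerdorf", PASSWORD_DEFAULT);

// evaluates to true when the password matches the stored hash
true === password_verify('rasmuslerdorf', $store_this);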

Upvotes: 3
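
The hash upgrade path mentioned in the answer, as an added example that is not part of the original answer or of the PHP documentation. It assumes PHP 7 or later; the `login()` function, the in-memory `$users` array standing in for the database, and the cost of 12 are all hypothetical choices made for illustration.

```php
<?php
// Added example. CURRENT_OPTIONS is an assumed policy, not a value from the page.
const CURRENT_OPTIONS = ['cost' => 12];

// Hypothetical login routine; $users maps user name => stored hash string.
function login(array &$users, string $name, string $entered): bool
{
    if (!isset($users[$name])) {
        return false;
    }
    $stored = $users[$name];

    // password_verify() reads the algorithm, cost and salt from the stored
    // string itself and performs a timing-safe comparison.
    if (!password_verify($entered, $stored)) {
        return false;
    }

    // The plaintext is only available during a successful login, so this is
    // the one place where an old hash can be replaced with a stronger one.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT, CURRENT_OPTIONS)) {
        $users[$name] = password_hash($entered, PASSWORD_DEFAULT, CURRENT_OPTIONS);
    }
    return true;
}

// Constructed sample data: a bcrypt hash created earlier with cost 10,
// the cost used in the question.
$users = ['alice' => password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 10])];
$before = $users['alice'];

// A failed login must not touch the stored hash.
var_dump(login($users, 'alice', 'wrong guess'));
var_dump($users['alice'] === $before);

// A successful login verifies against the old hash and stores a new one.
var_dump(login($users, 'alice', 'correct horse'));
print_r(password_get_info($users['alice']));

// The upgraded hash still verifies the same password.
var_dump(login($users, 'alice', 'correct horse'));
```

Because the stored string carries its own parameters, the column that holds it should be wide enough for future algorithms; the PHP manual recommends 255 characters.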
