Reputation: 41
Determining if my password hashing method is safe
I've been reading through and I'm a bit confused about storing passwords and how people can crack them. The safest way seems to be a very confusing topic for me. I started using md5 and after reading how outdated it is I started using the php_hash function like so
$hash = password_hash($plainTextPassword, PASSWORD_DEFAULT);
I've been told to hash it again using salt and I understand how to do it. My question is why would one need to rehash their password? Most people just copy the code and use it not knowing why it's appropriate but for future purposes I'd like to know how do you know if the method you use for hashing your password is "hackable"?
Upvotes: 0
Views: 42
Answers (1)
Reputation:
I've been told to hash it again using salt…
What you have been told is wrong. Ignore whoever told you that.
The PHP password_hash() API is not a plain hash function; it already performs all the appropriate steps for hashing a password itself, including adding a salt. Don't add anything to it; just use it as-is.
Upvotes: 4
Related Questions
- How secure is this method of password hashing and matching?
- PHP - How safe/strong is this hashing?
- PHP: Password Hashing
- correct use of password_hash
- is this code valid for password hashing?
- Is this a good hashing password function in PHP? If not, why not?
- Is this password storage method secure?
- Password hash in PHP: Am I Doing This Right?
- Is this secure enough, for hashing
- How secure is this hash? (PHP)