Rian Zaman

Reputation: 429

How to use crypt() and the password_hash() function together?

I am new to PHP and am now learning about password security. I read about the crypt() and password_hash() functions in the PHP documentation. I understand the crypt() and password_hash() functions on their own, but how do I use them together? Do I still have to define a salt in the crypt() function, or leave it blank, like password_hash(crypt($password,''),PASSWORD_DEFAULT);?

Upvotes: 0

Views: 800

Answers (1)

martinstoeckli

Reputation: 24141

The function password_hash() internally uses the crypt() function. It is a wrapper which takes care of all the possible pitfalls, like the generation of a cryptographically safe salt, or the choice of the suitable algorithm.

So there is no need to combine the functions and no need to generate a salt on your own; just use password_hash() and password_verify() and you are fine.

// Hash a new password for storing in the database.
// The function automatically generates a cryptographically safe salt.
$hashToStoreInDb = password_hash($_POST['password'], PASSWORD_DEFAULT);

// Check if the hash of the entered login password matches the stored hash.
// The salt and the cost factor will be extracted from $existingHashFromDb.
$isPasswordCorrect = password_verify($_POST['password'], $existingHashFromDb);

Upvotes: 4
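The relationship described in the answer above, shown as an added example that is not part of the original answer: the stored hash carries its own algorithm, cost and salt, so crypt() can reproduce it and password_needs_rehash() can upgrade it at login. The sample password, the cost values and the helper name verifyAndUpgrade() are constructed for illustration, and PASSWORD_BCRYPT is pinned so the hash format is predictable.

```php
<?php
// Added example; password, cost values and helper name are constructed for illustration.
$password = 'correct horse battery staple';

// password_hash() generates the salt itself; no salt is passed in.
$hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);

// A bcrypt hash is self-describing: "$2y$" + cost + "$" + 22-char salt + 31-char digest.
$info = password_get_info($hash);
printf("algorithm: %s, cost: %d\n", $info['algoName'], $info['options']['cost']);
printf("embedded salt: %s\n", substr($hash, 7, 22));

// Because salt and cost are embedded, passing the stored hash as the salt
// argument of crypt() recomputes the same string for the right password.
// This is the work password_verify() wraps.
$recomputed = crypt($password, $hash);
var_dump(hash_equals($hash, $recomputed));

// password_verify() performs that recomputation plus a timing-safe comparison.
var_dump(password_verify($password, $hash));
var_dump(password_verify('wrong guess', $hash));

// Hashing the same password again yields a different string, because every
// call gets a fresh random salt. Never compare two password_hash() outputs.
var_dump($hash === password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]));

// Hypothetical login helper: verify first, then transparently re-hash when
// the stored hash was created with weaker parameters than currently wanted.
// Returns the hash to keep in the database, or null on a wrong password.
function verifyAndUpgrade(string $password, string $storedHash, array $options): ?string
{
    if (!password_verify($password, $storedHash)) {
        return null;
    }
    if (password_needs_rehash($storedHash, PASSWORD_BCRYPT, $options)) {
        return password_hash($password, PASSWORD_BCRYPT, $options);
    }
    return $storedHash;
}

$upgraded = verifyAndUpgrade($password, $hash, ['cost' => 12]);
var_dump(password_get_info($upgraded)['options']['cost']);
var_dump(verifyAndUpgrade('wrong guess', $hash, ['cost' => 12]));
```

In application code PASSWORD_DEFAULT is normally used in place of PASSWORD_BCRYPT, as in the answer, so that hashes migrate automatically when PHP changes its default algorithm.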
