ferran
Reputation: 108
Do I need to split the BCRYPT hash into separate strings inside my database?
I wanted to make my password database more sequre encrypting the passwords with bcrypt. The thing is I do not know if it is important to split the hash returned by the method into different strings (-prefix-cost-salt-password-) in order to make it safer. Does it? The hash returned: $2y$10$/s1xHJ04qAY2CCs16BHdQ.VpzQjd3HSUGEsL6xiKrd.RQig7uFpZ.
And in that case, which columns should I create in my database table?
Upvotes: 0
Views: 257
Answers (1)
Oshione
Reputation: 88
You don't need to split the hashed password, why you want to do that? Just use the PHP native password hashing function: password_hash($user_password, PASSWORD_BCRYPT, ['cost'=> 12]) and store the result inside the database.
Upvotes: 1
Related Questions
- PHP - hashing passwords with bcrypt
- PHP password_hash() / bcrypt
- bcrypt and sanitizing password?
- What should be stored in table while using bcrypt
- Is Storing of Bcrypt hashed password directly in DB is advisable?
- Hash passwords with bcrypt in the database or in php code?
- Do I need unique salts with bcrypt in PHP?
- When using PHP's crypt() function to create a bcrypt hash, do I need a salt?
- How to handle BCrypt hashed passwords?
- Storing bcrypt hashes