Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Best way encrypt password php (in 2017) [duplicate]

In my website I use md5 to crypt password user in my database (and store session user)

$pswUser = md5($_POST["password"]);

But I have just been told that this way of encrypting has become obsolete

I did some research to find out how to do it but most of the posts dates from two or three years ago So what is the best way to encrypt password in 2017 ?

Thank you

Isn't duplicate discussion ... Secure hash and salt for PHP passwords => 2009 ...

like image 496
Rocstar Avatar asked May 09 '17 08:05

Rocstar


People also ask

What is the best way to encrypt password in PHP?

Luckily, PHP makes this easy thanks to password_hash() . $hash = password_hash($password, PASSWORD_DEFAULT); The password_hash() function not only uses a secure one-way hashing algorithm, but it automatically handles salt and prevents time based side-channel attacks.

Which encryption is best for passwords?

Google recommends using stronger hashing algorithms such as SHA-256 and SHA-3. Other options commonly used in practice are bcrypt , scrypt , among many others that you can find in this list of cryptographic algorithms.

How can we encrypt the username and password using PHP?

The functions which are generally used to encrypt the username and password in php are md5(), sha1() and base64_encode.

How to encrypt and decrypt passwords in PHP?

The best way to encrypt and decrypt passwords is to use a standard library in PHP because the method of properly encrypting and decrypting passwords from scratch is complex and involves multiple possibilities of security vulnerabilities. Using the standard library ensures that the hashing implementation is verified and trusted.

How to store password in PHP in 2017?

Now how to store password in 2017. The answer is to use a very slow hashing algorithm with some random salt. The PHP official recommends one is the bcrypt algorithm. The bcrypt is very slow and since we are adding some random salt along with it is literally impossible for the attacker to crack a password.

What is secret key encryption in PHP?

Secret Key Encryption is also called Symmetric encryption, The Secret Key Encryption of the PHP uses just one key, called a shared secret, for both encrypting and decrypting. To encrypt the data, Here one same key is used by the sender (for encryption) and the receiver (for decryption). So the key is shared.

What is the best password hashing algorithm in PHP?

The PHP official recommends one is the bcrypt algorithm. The bcrypt is very slow and since we are adding some random salt along with it is literally impossible for the attacker to crack a password. PHP provide a default function called password_hash to hash the password using bcrypt with random salt and password_verify function to verify it.


Video Answer


1 Answers

The password hash function in combination with password verify

https://secure.php.net/manual/en/function.password-hash.php https://secure.php.net/manual/en/function.password-verify.php

like image 167
user7984880 Avatar answered Oct 04 '22 18:10

user7984880