stackoom
  简体   繁体   中英

Determining if my password hashing method is safe

 原文  2014-12-22 19:58:41       php/ hash

Question

I've been reading through and I'm a bit confused about storing passwords and how people can crack them. The safest way seems to be a very confusing topic for me. I started using md5 and after reading how outdated it is I started using the php_hash function like so 

$hash = password_hash($plainTextPassword, PASSWORD_DEFAULT);

I've been told to hash it again using salt and I understand how to do it. My question is why would one need to rehash their password? Most people just copy the code and use it not knowing why it's appropriate but for future purposes I'd like to know how do you know if the method you use for hashing your password is "hackable"?

1 answers

solution1
 4 ACCPTED  2014-12-22 20:02:57

I've been told to hash it again using salt…

What you have been told is wrong . Ignore whoever told you that.

The PHP password_hash() API is not a plain hash function; it already performs all the appropriate steps for hashing a password itself, including adding a salt. Don't add anything to it; just use it as-is.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Simple but safe password hashing Is it safe to store password after hashing in plain text in php Is this PHP implementation of pbkdf2 hashing for password generation considered safe? Register & Login password hashing method the same but not working How secure is this method of password hashing and matching? Mysql password hashing method old vs new type hashing password in joomla for my api Why is the CakePHP authentication component not hashing my password? Password Hashing Updating password hashing method, is the original way off base?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM