stackoom
  简体   繁体   中英

How do I store user password with Bcrypt

 原文  2016-05-08 12:05:25       php/ hash/ passwords/ sha1/ bcrypt

Question

I am designing a php website, and I used sha1 to store password for the users, but I later read that sha1 is unsafe, Its better i use Bcrypt, now I try to find about Bcrypt but these questions - How do you use bcrypt for hashing.. and Is Bcrypt used for Hashing is too complex, I dont understand what they explain. 

<?php $pass = sha1($_POST["password"]); ?>

but could it be: 

<?php $pass = bcrypt($_POST["password"]); ?>

or which is better than both. Thanks

1 answers

solution1
 3 ACCPTED  2016-05-08 12:08:40

If you are using PHP version 5.5+, you may use the method password_hash(), and password_verify();

EXAMPLE: 

$hash = password_hash("mypassword", PASSWORD_BCRYPT);

and to verify: 

if (password_verify('mypassword', $hash)) {
    echo 'Password is valid!';
} else {
    echo 'Invalid password.';
}

This is the best and most secured in PHP today since the salt is built-in inside the method.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How do I check if Bcrypt password is correct? How do I bcrypt password when inserting into MySQL? How to store bcrypt salt with password_hash? How should I store SHA512 hash and PASSWORD_BCRYPT in MySQL? How to store a password as BCRYPT in a database as '$2a$15' in PHP Symfony 3 - How to authenticate a user from a password encrypted by bcrypt? How do you verify a password with PHP/MySQL using BCRYPT How I can re-hash my user's a password using bcrypt in postgresql without iterating them in php? How can I bcrypt a password during Yii2 Migrations? How should I store a user's LDAP password in a cookie?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM