I am designing a php website, and I used sha1 to store password for the users, but I later read that sha1 is unsafe, Its better i use Bcrypt, now I try to find about Bcrypt but these questions - How do you use bcrypt for hashing.. and Is Bcrypt used for Hashing is too complex, I dont understand what they explain.
<?php $pass = sha1($_POST["password"]); ?>
but could it be:
<?php $pass = bcrypt($_POST["password"]); ?>
or which is better than both. Thanks
If you are using PHP version 5.5+, you may use the method password_hash(), and password_verify();
EXAMPLE:
$hash = password_hash("mypassword", PASSWORD_BCRYPT);
and to verify:
if (password_verify('mypassword', $hash)) {
echo 'Password is valid!';
} else {
echo 'Invalid password.';
}
This is the best and most secured in PHP today since the salt is built-in inside the method.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.