How to use BCRYPT with password_hash() in PHP
Question
Now with password_hash() in PHP >=5.6, do we need to also use BCRYPT to make the object/password more secured?
If yes, then could any one please describe how to store a password in registration page using password_hash() AND BCRYPT, and then how to retrieve information to login user on login page?
Sorry if anyone is offended by a beginner's limited knowledge. I am confused and didn't quite get the answer.
UPDATE:
I got the idea now, there is no need to user BCRYPT/salt/pepper with password_hash() now as PHP creates its own random salt during runtime. The easiest step is to simply hash password using password_hash($passwordVariable) and for verification simply use password_verify($passwordEntered, $hashedPassword_fromDB). Thanks everyone.
2 answers
solution1
2 2017-03-31 06:46:56
There is no need to user BCRYPT/salt/pepper with password_hash() now as PHP creates its own random salt during runtime.
The easiest step is to simply hash password using password_hash($passwordVariable) and for verification simply use password_verify($passwordEntered, $hashedPassword_fromDB)
solution2
1 ACCPTED 2017-03-24 07:34:23
The whole idea behind password_hash() is to always use an up-to-date hashing algorithm. Currently, the default algo. used is exactly BCRYPT. It even allows you to pass more options in order to make your password even more secure(for example your own salt or work factor). And what's even better, is that php also offers the password_needs_rehash() function that allows you to check later if a given hash was created using the current algo,and if not, you can just rehash the password. Check out the official php documentation page for pasword_hash(): http://php.net/manual/en/function.password-hash.php
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.