Source |
CodingSec |
Identifiant |
360579 |
Date de publication |
2017-05-01 15:05:59 (vue: 2017-05-01 15:05:59) |
Titre |
How to Hash Passwords in PHP in a Modern way |
Texte |
Historically, password security in PHP has been a bit slippery, requiring a measures of knowledge and care. Aiming to changes that, PHP 5.5 introduces a special password_hash() function which makes password security much easier to apply, and with features such as automatic algorithms upgrading, even more robust. There’s also a compatibility library for PHP >= 5.3.7. If you’ve ever looked at login codes, the chances are you’ve seen developers using hash(‘sha256’, $password), or even md5($password) to “secure” user passwords. Passwords hashes generated this way are laughably easy to cracks; with weak algorithms and no salting or stretching in places you’re
|
Envoyé |
Oui |
Condensat |
$password >= aiming algorithms also appeared apply are automatic been bit care chances changes codes coding compatibility cracks; developers easier easy even ever features first function generated has hash hashes historically how introduces knowledge laughably library login looked makes md5 measures modern more much password passwords php places post requiring robust salting security seen slippery special stretching such there’s upgrading user using way weak which you’re you’ve |
Tags |
|
Stories |
|
Notes |
|
Move |
|