-
Notifications
You must be signed in to change notification settings - Fork 0
Password Hashing
MwauraKimani edited this page Feb 2, 2020
·
1 revision
Hashing is the standard way of protecting a user’s password before it’s stored in a database. Many common hashing algorithms like md5 and even sha1 are unsafe for storing passwords, because hackers can easily crack passwords hashed using those algorithms.
PHP provides a built-in password hashing library that uses the bcrypt algorithm, currently considered the best algorithm for password hashing.
`$hashedPassword = password_hash('my super cool password', PASSWORD_DEFAULT);`
`password_verify('the wrong password', $hashedPassword); // false`
`password_verify('my super cool password', $hashedPassword); // true`
Many sources will recommend that you also “salt” your password before hashing it. That’s a great idea, and password_hash() already salts your password for you. That means that you don’t have to salt it yourself.