Skip to content

Password Hashing

MwauraKimani edited this page Feb 2, 2020 · 1 revision

Password hashing.

Hashing is the standard way of protecting a user’s password before it’s stored in a database. Many common hashing algorithms like md5 and even sha1 are unsafe for storing passwords, because hackers can easily crack passwords hashed using those algorithms.

PHP provides a built-in password hashing library that uses the bcrypt algorithm, currently considered the best algorithm for password hashing.

`$hashedPassword = password_hash('my super cool password', PASSWORD_DEFAULT);`

 `password_verify('the wrong password', $hashedPassword); // false`

 `password_verify('my super cool password', $hashedPassword); // true`

Many sources will recommend that you also “salt” your password before hashing it. That’s a great idea, and password_hash() already salts your password for you. That means that you don’t have to salt it yourself.

Clone this wiki locally