Hash passwords securely
I assume you don't store passwords in plain text. But many programmers still store MD5-hashed passwords, perhaps salted. According to http://en.wikipedia.org/wiki/MD5, some graphics processors can compute 16 to 200 million MD5 hashes per second. Also try Googling for "md5 salted hash cracker".
MD5 was designed for data integrity checks: compute a file's hash, and do it fast.
That speed is exactly why MD5 shouldn't be used for password hashing.
So how do you hash passwords securely? I use this function:
// Hashes $password with bcrypt via crypt(). When no $salt is given, a fresh
// "$2a$07$" prefix (bcrypt, cost 7) plus 22 random salt characters is built;
// Strings is Nette\Utils\Strings (see the link below).
function calculateHash($password, $salt = NULL) {
    return crypt($password, $salt ?: '$2a$07$' . Strings::random(22));
}
Now, to get a hashed password, call calculateHash($plainpass);
to check a password, pass the stored hash as the second parameter. This works because crypt() reads the algorithm, cost and salt from the first 29 characters of the salt argument and ignores the rest, so re-hashing with the stored hash reproduces it when the password matches:
// $hashedPassFromDb is the value calculateHash() returned at registration.
if ($hashedPassFromDb === calculateHash($plainpass, $hashedPassFromDb)) {
    // correct!
} else {
    // wrong password
}
Docs: http://php.net/crypt
Strings::random: http://api.nette.org/2.1.0/source-Utils.Strings.php.html#399-428
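The same scheme without the Nette dependency, as an added example that is not part of the original post: it builds the bcrypt salt from random_bytes(), verifies with a constant-time comparison and flags hashes made with a lower cost so they can be re-hashed after a successful login. Assumes PHP 7.0+; the names bcryptSalt, hashPassword, verifyPassword and needsRehash are chosen here.

```php
<?php
// Added example (not the original post's code): bcrypt via crypt() without
// Nette, plus a constant-time check and a cost-upgrade test. Assumes PHP 7.0+.

const BCRYPT_COST = 10;   // example value; raise it as hardware gets faster

// Build a bcrypt salt string: "$2y$<cost>$" + 22 chars from [./A-Za-z0-9].
function bcryptSalt($cost = BCRYPT_COST) {
    if ($cost < 4 || $cost > 31) {
        throw new InvalidArgumentException('bcrypt cost must be between 4 and 31');
    }
    // 16 random bytes -> 24 base64 chars; swap '+' for '.' to fit the
    // bcrypt alphabet and keep the 22 non-padding characters.
    $chars = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
    return sprintf('$2y$%02d$%s', $cost, $chars);
}

function hashPassword($password, $cost = BCRYPT_COST) {
    $hash = crypt($password, bcryptSalt($cost));
    // crypt() reports failure with a short string such as "*0"; a bcrypt
    // hash is always 60 characters long.
    if (strlen($hash) !== 60) {
        throw new RuntimeException('bcrypt hashing failed');
    }
    return $hash;
}

// Verify by re-hashing with the stored hash as the salt (crypt() uses only
// its first 29 characters) and comparing in constant time.
function verifyPassword($password, $storedHash) {
    if (strlen($storedHash) !== 60) {
        return false;   // never let a corrupt stored value reach crypt()
    }
    return hash_equals($storedHash, crypt($password, $storedHash));
}

// True when the stored hash is not bcrypt or was made with a lower cost
// than we want now (e.g. the "$2a$07$" hashes from the post).
function needsRehash($storedHash, $cost = BCRYPT_COST) {
    if (!preg_match('/^\$2[axy]\$(\d\d)\$/', $storedHash, $m)) {
        return true;
    }
    return (int) $m[1] < $cost;
}

// Demo with a constructed password.
$hash = hashPassword('correct horse battery staple');
var_dump(verifyPassword('correct horse battery staple', $hash));
var_dump(verifyPassword('wrong guess', $hash));
var_dump(needsRehash('$2a$07$' . str_repeat('a', 53)));
```

On PHP 5.5+ the built-in password_hash(), password_verify() and password_needs_rehash() perform these same steps.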