  1. #1
    SitePoint Member
    Join Date
    Nov 2013
    Posts
    1

    PHP password_hash() function

    Hello, everyone

    I want to know your opinion on using PHP's password_hash() function.
    Like, how secure is it when it comes to rainbow attacks and other forms of attack?
    What hash algorithm would you recommend to encrypt passwords? More so, which is better: PBKDF2 or bcrypt?

    Thank you

  2. #2
    SitePoint Wizard Jeff Mott
    Join Date
    Jul 2009
    Posts
    1,278
    Quote (originally posted by jihdeh):
        "I want to know your opinion on using PHP's password_hash() function"
    PHP's password_hash functions are almost certainly your best bet. They do everything you're supposed to do, and they do it right, with as simple of an API as you could ever hope for.

    Quote (originally posted by jihdeh):
        "Like, how secure is it when it comes to rainbow attacks and other forms of attack?"
    Every password by default gets a unique 128-bit salt and 1,024 iterations. Definitely secure against rainbow attacks and other known forms of attack.

    Quote (originally posted by jihdeh):
        "What hash algorithm would you recommend to encrypt passwords? More so, which is better: PBKDF2 or bcrypt?"
    Probably PBKDF2 < bcrypt < scrypt

    PBKDF2 can use an arbitrary amount of computing power. Bcrypt can also use an arbitrary amount of computing power but also has an expensive memory cost. Scrypt can use an arbitrary amount of computing power and an arbitrary amount of memory. Though, bcrypt is plenty sufficient and available through the convenient password_hash functions, so that's probably still your best bet.
    "First make it work. Then make it better."
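
Added example, not part of the thread and not code from either poster: it shows the per-password salt and the work factor discussed in the answer above, plus upgrading a stored hash when the cost is raised. The sample password, the target cost of 12 and the helper `verifyAndUpgrade()` are assumptions made for illustration.

```php
<?php
// Added example: the password and cost values are constructed for illustration.
declare(strict_types=1);

// Verify a login and transparently upgrade the stored hash when the
// configured cost has been raised since the hash was created.
// verifyAndUpgrade() is a hypothetical helper, not a PHP built-in.
function verifyAndUpgrade(string $password, string &$storedHash, array $options): bool
{
    if (!password_verify($password, $storedHash)) {
        return false;
    }
    if (password_needs_rehash($storedHash, PASSWORD_BCRYPT, $options)) {
        $storedHash = password_hash($password, PASSWORD_BCRYPT, $options);
    }
    return true;
}

$password = 'correct horse battery staple';   // constructed sample input

// Cost 10 means 2^10 = 1,024 rounds, the figure quoted in the answer.
$hashA = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
$hashB = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);

// bcrypt layout: "$2y$" + 2-digit cost + "$" + 22-char salt + 31-char digest.
// The salt is stored in the hash string, so no separate salt column is needed.
printf("salt A: %s\nsalt B: %s\n", substr($hashA, 7, 22), substr($hashB, 7, 22));
printf("hashes differ for the same password: %s\n", var_export($hashA !== $hashB, true));

$info = password_get_info($hashA);
printf("algorithm: %s, cost: %d, rounds: %d\n",
    $info['algoName'], $info['options']['cost'], 2 ** $info['options']['cost']);

// Both hashes verify even though they differ; a wrong guess does not.
var_dump(password_verify($password, $hashA), password_verify($password, $hashB));
var_dump(password_verify('wrong guess', $hashA));

// Raising the work factor later: the old hash still verifies, then is replaced.
$stored = $hashA;
var_dump(verifyAndUpgrade($password, $stored, ['cost' => 12]));
printf("cost after login: %d\n", password_get_info($stored)['options']['cost']);
```

Because each hash carries its own salt, a precomputed (rainbow) table built for one salt is useless against any other stored hash.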

