Results 1 to 2 of 2
Thread: php password_hash() function
Nov 26, 2013, 09:51 #1
- Join Date
- Nov 2013
- 0 Post(s)
- 0 Thread(s)
php password_hash() function
I want to know your opinion on using php's password_hash() function,
Like how secure is it? When it comes to rainbow attacks and other forms of attacks
What hash algorithm would you recommend to encypt passwords? Moreso which is beTter? PbkDF2 or Bcrypt.
Nov 26, 2013, 11:27 #2
PBKDF2 can use an arbitrary amount of computing power. Bcrypt can also use an arbitrary amount of computing power but also has an expensive memory cost. Scrypt can use an arbitrary amount of computing power and an arbitrary amount of memory. Though, bcrypt is plenty sufficient and available through the convenient password_hash functions, so that's probably still your best bet."First make it work. Then make it better."