Confusion about storing passwords

I'm sort of concerned about making sure my passwords stored in my MySQL database are pretty secure. Right now I use md5() to hash each password like

$password = md5($_POST['Password']);

but I gather it's pretty easy to crack (http://hashtoolkit.com/)

What's a better way?

I heard you need to salt the password, what is that?

Why aren’t you using password_hash?

3 Likes

A “salt” is something that is added to the value before hashing it, e.g.

$salt = "secret";
$input = "password";

What would be hashed is “secretpassword” instead of only “password”.

In any case, if you have (PHP 5 >= 5.5.0, PHP 7) IMHO you should use password_hash as spaceshiptrooper posted.
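
An added example, not part of the original thread: it contrasts the unsalted md5() call from the question with password_hash()/password_verify(), and shows one way to upgrade existing md5 rows at login. The check_login helper and the sample password are assumptions made for illustration, and the code needs PHP 7.1 or later.

```php
<?php
// Constructed sample input; in the question this value comes from $_POST['Password'].
$password = 'correct horse battery staple';

// Unsalted MD5 is deterministic: every user with this password gets the same
// digest, which is what lets precomputed lookup tables reverse common passwords.
var_dump(md5($password) === md5($password));

// password_hash() draws a fresh random salt on each call and stores it, with
// the algorithm and cost, inside the returned string, so two hashes differ.
$hashA = password_hash($password, PASSWORD_DEFAULT);
$hashB = password_hash($password, PASSWORD_DEFAULT);
var_dump($hashA === $hashB);

// Verification re-reads the salt and cost from the stored hash.
var_dump(password_verify($password, $hashA));
var_dump(password_verify('wrong guess', $hashA));

/**
 * Hypothetical login helper: checks a password against the stored value and
 * returns a replacement hash when the stored one is a legacy md5() digest or
 * uses outdated parameters. Returns [bool $ok, ?string $newHash].
 */
function check_login(string $password, string $stored): array
{
    // Legacy rows: 32 lowercase hex characters produced by md5().
    if (preg_match('/^[a-f0-9]{32}$/', $stored) === 1) {
        $ok = hash_equals($stored, md5($password));
        return [$ok, $ok ? password_hash($password, PASSWORD_DEFAULT) : null];
    }
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : null;
    return [true, $new];
}

// Constructed legacy row, as the md5() line in the question would have stored it.
[$ok, $upgraded] = check_login($password, md5($password));
var_dump($ok, password_get_info($upgraded)['algoName']);
```

When check_login returns a new hash, write it back to the user's row so the md5 value is replaced. The PHP manual recommends a column that can hold up to 255 characters for password_hash() output.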

I came across this issue with the current project I’m working on. md5 was a hack solution I found. I’d suggest reading the PHP manual on password & hashing.
