Im sort of concerned about making sure my passwords stored in my mysql database is pretty secure. Right now I use the md5() to hash each password like
$password = md5($_POST['Password']);
but I gather its pretty easy to crack (http://hashtoolkit.com/ )
whats a better way?
I heard you need to salt the password, what is that?
Why aren’t you using password_hash ?
3 Likes
A “salt” is something that is added to the value before hashing it. eg.
$salt = “secret”
$input = “password”
what would be hashed is “secretpassword” instead of only “password”
In any case,if you have (PHP 5 >= 5.5.0, PHP 7) IMHO you should use
password_hash
as spaceshiptrooper posted.
Emgo
October 23, 2016, 12:08am
4
I came across this issue with the current project I’m working on. md5 was a hack solution I found. I’d suggest reading the PHP manual on password & hashing.
system
Closed
January 22, 2017, 7:08am
5
This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.