Hi,
Is there any PHP function that could be recommended to replace md5 and sha-1?
Currenltly I use,
$password = md5($_POST['password'] . '******');
Is it simply a case of replacing this with password_hash,
$options = [
'cost' => 11,
'salt' => mcrypt_create_iv(22, MCRYPT_DEV_URANDOM),
];
$password = password_hash($_POST['password'], PASSWORD_BCRYPT, $options)."\n";
I am reading this from the PHP manual page
http://php.net/manual/en/function.password-hash.php
Thanks,
Shane
Hi,
The above isnāt working. I tried something a little simpler but still no output. This is in the body of a html file,
<?php
echo password_hash("rasmuslerdorf", PASSWORD_DEFAULT)."\n";
?>
The PHP manual says that there are no libraries or extra installation needed to use this function.
PHP version is 5.4.34
Thanks,
Shane
Yup. Except donāt create your own salt. The new password_hash function will do that for you. Also, Iād suggest not specifying the algorithm either. One day, something better than bcrypt might come along and become the new default. When that happens, if you didnt specify bcrypt, then you get the new algorithm for free.
This function was introduced in PHP version 5.5. If youāre on less than that, then check out the āuserland implementationā in the āsee alsoā section.
Ah yes, I see now that my hosting company is not using php 5.
Thanks,
Shane
Hi,
I canāt see āsee alsoā anywhere and what is meant by a āuserland implementationā?
http://php.net/manual/en/function.password-hash.php
Shane
Sorry found it thanks
This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.