Hashing passwords in PHP
Thursday, March 8th, 2012 | Programming, Tech
If you store passwords as part of a PHP script, you may be using md5() or sha1() to hash the password. This is common practice, but you may be surprised to know that the PHP manual actually recommends against it.
The reason is that both are fast but relatively insecure hashing algorithms, so an attacker who gets hold of the hashed strings can brute force them on modern computer systems. A better approach is to use the crypt() function, which is a little more expensive in terms of resources, but worth it for the increased difficulty you create for any potential hackers.
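The switch described above, as an added example that is not part of the original post: crypt() with a bcrypt salt, shown next to md5(). The function names hash_password and verify_password, the cost of 12 and the sample password are assumptions, and the code assumes PHP 7 or later for random_bytes() and hash_equals().

```php
<?php
/** Hash a password with crypt() using the Blowfish (bcrypt) scheme. */
function hash_password(string $password, int $cost = 12): string
{
    if ($cost < 4 || $cost > 31) {
        throw new InvalidArgumentException('bcrypt cost must be 4..31');
    }
    // bcrypt salt: 22 characters from the alphabet ./0-9A-Za-z.
    // base64 uses '+' where bcrypt uses '.', so swap it and cut the padding.
    $salt = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
    // Each cost step doubles the work per guess. bcrypt only reads the
    // first 72 bytes of the password.
    $hash = crypt($password, sprintf('$2y$%02d$%s', $cost, $salt));

    // On failure crypt() returns a short marker such as "*0", not a hash.
    if (strlen($hash) !== 60) {
        throw new RuntimeException('crypt() did not return a bcrypt hash');
    }
    return $hash;
}

/** Check a login attempt against the stored crypt() hash. */
function verify_password(string $password, string $stored): bool
{
    // The stored hash carries the scheme, cost and salt, so passing it as
    // the salt argument makes crypt() repeat the same computation.
    $candidate = crypt($password, $stored);
    // Constant-time comparison; a failure marker is never 60 bytes long.
    return strlen($stored) === 60 && hash_equals($stored, $candidate);
}

// Constructed sample value for demonstration.
$password = 'correct horse battery staple';

// md5(): no salt, so equal passwords always produce equal hashes, and
// each guess is cheap to compute.
var_dump(md5($password) === md5($password));

// crypt() with bcrypt: a fresh random salt per call and a tunable cost,
// so the same password produces two different stored strings.
$a = hash_password($password);
$b = hash_password($password);
var_dump($a === $b);
var_dump(verify_password($password, $a));
var_dump(verify_password('wrong guess', $a));
```

Store the full 60-character string returned by hash_password(); it already contains the salt and cost, so no separate salt column is needed.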