Hashing passwords in PHP

If you store passwords as part of a PHP script, you may be using md5() or sha1() to hash the password. This is common practice, but you may be surprised to know that the PHP manual actually recommends against it.

The reason is that both are fast but relatively insecure hashing algorithms, so the hashes can be brute-forced on modern computer systems if an attacker gets hold of them. A better approach is to use the crypt() function, which is a little more expensive in terms of resources, but worth it for the increased difficulty you create for any potential hackers.
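As an added example (not code from the original post), here is one way to hash and verify a password with crypt() using its bcrypt mode, next to a bare md5() call for contrast. The function names, the cost of 12 and the sample password are assumptions, and random_bytes() requires PHP 7 or later.

```php
<?php
// Added example: bcrypt via crypt(), compared with a bare md5() hash.
// Function names, the cost of 12 and the sample password are assumptions.

function make_bcrypt_salt(int $cost = 12): string
{
    // bcrypt expects 22 salt characters from the alphabet ./0-9A-Za-z.
    $raw  = base64_encode(random_bytes(16));        // 24 chars, padded with "=="
    $salt = strtr(substr($raw, 0, 22), '+', '.');   // map base64 '+' onto '.'
    return sprintf('$2y$%02d$%s', $cost, $salt);
}

function hash_password(string $password): string
{
    $hash = crypt($password, make_bcrypt_salt());
    // crypt() reports failure with a short string such as "*0";
    // a real bcrypt hash is always 60 characters long.
    if (strlen($hash) !== 60) {
        throw new RuntimeException('crypt() did not produce a bcrypt hash');
    }
    return $hash;
}

function check_password(string $password, string $stored): bool
{
    // The stored hash carries its algorithm, cost and salt,
    // so it is passed back to crypt() as the salt argument.
    $candidate = crypt($password, $stored);
    // hash_equals() compares in constant time.
    return strlen($candidate) === 60 && hash_equals($stored, $candidate);
}

$password = 'correct horse battery staple'; // constructed sample input

// md5(): unsalted and fast, so equal passwords always share one hash.
echo 'md5 repeatable:    ';
var_dump(md5($password) === md5($password));

// crypt() with bcrypt: a fresh random salt per call, so hashes differ.
$first  = hash_password($password);
$second = hash_password($password);
echo 'bcrypt repeatable: ';
var_dump($first === $second);

echo 'right password:    ';
var_dump(check_password($password, $first));
echo 'wrong password:    ';
var_dump(check_password('wrong guess', $first));
```

On PHP 5.5 and later, password_hash() and password_verify() wrap this same crypt() bcrypt scheme and generate the salt for you.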






This entry was posted on Thursday, March 8th, 2012 at 6:09 pm and is filed under Programming, Tech.