开发者

Best hashing technique for php mysql login?

What is t开发者_如何学JAVAhe best method for hashing user passwords in a mysql database?


I use Portable PHP password hashing framework, as does Wordpress.

Link: Portable PHP password hashing framework


You should use bcrypt.

For more information, read this.


You can use Mycript, and choose an appropriate hashing alghoritm (i suggest a SHA-2 family for good trade between speed / security), better with salting. BUT as someone else suggested, i think it's better to use a standard frawework and don't reinvent the wheel for the thousanth time: check phpass library.


http://php.net/manual/en/function.hash.php
and choose a good hash function.. sha256 if you build nuclear rockets..

but using an openid would be even better: http://openid.net/get-an-openid/what-is-openid/

then you don't need all those things :)


In the first place you should be thinking not of the best hashing function but of disallowing simple passwords.

Otherwise no hashing will help.

Thus, first of all check user passwords for complexity, ask them to be at least 10 characters long, contains different case letters and numbers.

Then you have to make a hash of it, by adding some salt. users email or registration time would be okay.

$hashedpass = MD5($email.$pass);

that's all

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜