Scott Arciszewski has posted a new tutorial to his site helping you get scrypt installed as an alternative to some of the other cryptographic functionality that's already supported by PHP (like bcrypt).
Most newbie PHP developers suck at developing user authentication systems. When not storing passwords in plaintext, they just wing it with a simple hash function and hope it's good enough. Instead of md5(), sha1(), or hash(), you should consider using scrypt, pbkdf2, or bcrypt. Today, I'll go through the steps required to start using scrypt in your web applications.
He walks you through the exact steps you'll need to get scrypt installed and working happily with PHP (provided you have root on the machine). Thankfully, it's pretty easy thanks to the scrypt extensionupdated version of a scrypt wrapper you can use in your applications.
Link: https://s.arciszewski.me/blog/2013/10/php-scrypt-setup
没有评论:
发表评论