On PHPBuilder.com today there's a new post introducing you to a relatively recent advancement in PHP (in version 5.5), the password hashing API. In this article they cover the basics including hashing and verifying the result.
PHP has always had a few simple ways to implement password hashing to an extent. MD5 and SHA1 are examples of this, but the security of these methods is not what it should be. [...] What we need is a secure password encryption mechanism that uses SALT and perhaps even something else to help us safely encrypt our passwords for later use. [...] Lucky for us, the folks at PHP have thought about this long and hard, and the result is a very simple PHP password hashing API that is not only easy to use, but fast and secure.
They briefly look at the two major functions in the updated feature - password_hash and password_verify and some basic code examples of their use.
Link: http://www.phpbuilder.com/articles/application-architecture/security/implementing-secure-passwords-in-php-5.5.html
没有评论:
发表评论