In this recent post to his site Jeremy Kendall shares some of his thoughts about password hashing and a new library he's written to help make it simpler - event with an existing password hashing method in place.
We all know to encrypt passwords for highest level of security. Unfortunately, too many do it [the wrong way]. While there was never any excuse for getting it that wrong, there's now no excuse for getting it wrong at all. Developers, meet the new(-ish) PHP password hashing functions (and the userland implementation password-compat).
He shows how to use this password hashing correctly with the "default" hash and how to store that in the database. His Password Validator library aims to help make this even simpler and adds in other features like rehashing and upgrading of legacy passwords. The remainder of the post shows how to use the library for these functions and how to persist them in the tool's storage decorator and interface functionality.
Link: http://jeremykendall.net/2014/01/04/php-password-hashing-a-dead-simple-implementation/
没有评论:
发表评论