I'm wondering which method of password hashing is best for modern apps/sites? is hashing sha256 secure enough or the latter of using password verify. In all my newest projects I want to make sure I code them more securely. Thanks.
$password = hash('sha256', $pass);
OR
$hash = password_hash($password, PASSWORD_DEFAULT);
if (password_verify($user_password, $hash)) {
// Login successful.
if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
// Recalculate a new password_hash() and overwrite the one we stored previously
}
}
Which password hash is more secure?
Moderator: General Moderators
Re: Which password hash is more secure?
No. No no no no no.cjkeane wrote:is hashing sha256 secure enough
Definitely that.cjkeane wrote:or the latter of using password verify.
Re: Which password hash is more secure?
i value your input! Thank you! In addition to that, what are your thoughts on using hash, plus salt and sha512?
Re: Which password hash is more secure?
Since PHP added those password_* functions there is no reason to do password hashing on your own. You can learn about algorithms and such for fun, but unless you become fluent in advanced mathematics and have mastered the field of cryptography, let password_hash do it for you.
Re: Which password hash is more secure?
thanks! i'll use password_hash from now on 