PHP Developers Network

A community of PHP developers offering assistance, advice, discussion, and friendship.
 
It is currently Mon Oct 16, 2017 9:12 pm

All times are UTC - 5 hours




PostPosted: Thu Apr 27, 2017 2:22 pm 
Forum Contributor

Joined: Fri Jun 11, 2010 1:17 pm
Posts: 214
I'm wondering which method of password hashing is best for modern apps/sites? Is hashing sha256 secure enough or the latter of using password verify? In all my newest projects I want to make sure I code them more securely. Thanks.

$password = hash('sha256', $pass);

OR

$hash = password_hash($password, PASSWORD_DEFAULT);

if (password_verify($user_password, $hash)) {
    // Login successful.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        // Recalculate a new password_hash() and overwrite the one we stored previously
    }
}


 
PostPosted: Thu Apr 27, 2017 2:32 pm 
Spammer :|

Joined: Wed Oct 15, 2008 2:35 am
Posts: 6571
Location: WA, USA
cjkeane wrote:
is hashing sha256 secure enough

No. No no no no no.

cjkeane wrote:
or the latter of using password verify.

Definitely that.


 
PostPosted: Thu Apr 27, 2017 3:24 pm 
Forum Contributor

Joined: Fri Jun 11, 2010 1:17 pm
Posts: 214
I value your input! Thank you! In addition to that, what are your thoughts on using hash, plus salt and sha512?


 
PostPosted: Fri Apr 28, 2017 2:15 am 
Spammer :|

Joined: Wed Oct 15, 2008 2:35 am
Posts: 6571
Location: WA, USA
Since PHP added those password_* functions there is no reason to do password hashing on your own. You can learn about algorithms and such for fun, but unless you become fluent in advanced mathematics and have mastered the field of cryptography, let password_hash do it for you.


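The password_* workflow recommended in this thread, as an added example that is not part of the original posts. It goes one step further than the thread by upgrading records that were stored as plain SHA-256 (the first snippet in the question) the next time the user logs in. The in-memory $users array, the register()/login() function names and the sample passwords are assumptions made for illustration.

```php
<?php
// Added example: an in-memory array stands in for the users table (assumption).
$users = [
    // Constructed legacy record: unsalted SHA-256, as in the question's first snippet.
    'alice' => hash('sha256', 'correct horse'),
];

function register(array &$users, string $name, string $password): void
{
    // password_hash() picks a random salt and stores algorithm, cost and salt in its output.
    $users[$name] = password_hash($password, PASSWORD_DEFAULT);
}

function login(array &$users, string $name, string $password): bool
{
    $stored = $users[$name] ?? null;
    if ($stored === null) {
        return false;
    }

    // password_get_info() reports "unknown" for strings password_hash() did not produce.
    $isLegacy = password_get_info($stored)['algoName'] === 'unknown';

    if ($isLegacy) {
        // Legacy path: constant-time comparison against the old SHA-256 digest.
        $ok = hash_equals($stored, hash('sha256', $password));
    } else {
        $ok = password_verify($password, $stored);
    }
    if (!$ok) {
        return false;
    }

    // Login is the only moment the plaintext is available, so upgrade here:
    // legacy digests always, modern hashes when PASSWORD_DEFAULT or its cost has moved on.
    if ($isLegacy || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $users[$name] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

register($users, 'bob', 'hunter2-but-longer');
var_dump(login($users, 'bob', 'wrong'));           // wrong password for a password_hash() record
var_dump(login($users, 'alice', 'correct horse')); // legacy record, upgraded on success
var_dump(password_get_info($users['alice'])['algoName']); // algorithm now stored for alice
```

The password column should be wide enough for future algorithms; the PHP manual suggests 255 characters for PASSWORD_DEFAULT.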
 
PostPosted: Fri Apr 28, 2017 12:41 pm 
Forum Contributor

Joined: Fri Jun 11, 2010 1:17 pm
Posts: 214
Thanks! I'll use password_hash from now on :)

