Which password hash is more secure?
Posted: Thu Apr 27, 2017 2:22 pm
I'm wondering which method of password hashing is best for modern apps/sites? Is hashing sha256 secure enough or the latter of using password verify? In all my newest projects I want to make sure I code them more securely. Thanks.
$password = hash('sha256', $pass);

OR

$hash = password_hash($password, PASSWORD_DEFAULT);
if (password_verify($user_password, $hash)) {
    // Login successful.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        // Recalculate a new password_hash() and overwrite the one we stored previously
    }
}
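The two approaches from the post in one login flow, as an added example that is not part of the original post: it contrasts the deterministic unsalted SHA-256 digest with the salted output of password_hash(), and fills in the rehash step so a stored SHA-256 digest is upgraded on the next successful login. The `$users` array, the `legacy` flag and the `login()` function are assumptions standing in for a real user table.

```php
<?php
// Added example, not from the original post. $users is a constructed in-memory
// stand-in for a user table; login() and the 'legacy' flag are hypothetical names.

// Constructed sample data: one account stored as unsalted SHA-256,
// one account already stored with password_hash().
$users = [
    'alice' => ['hash' => hash('sha256', 'correct horse'), 'legacy' => true],
    'bob'   => ['hash' => password_hash('hunter2!', PASSWORD_DEFAULT), 'legacy' => false],
];

function login(array &$users, string $name, string $password): bool
{
    if (!isset($users[$name])) {
        return false;
    }
    $row = &$users[$name];

    if ($row['legacy']) {
        // Old scheme: constant-time compare against the stored SHA-256 digest.
        $ok = hash_equals($row['hash'], hash('sha256', $password));
    } else {
        $ok = password_verify($password, $row['hash']);
    }
    if (!$ok) {
        return false;
    }

    // Upgrade on successful login, the only moment the plaintext is available.
    if ($row['legacy'] || password_needs_rehash($row['hash'], PASSWORD_DEFAULT)) {
        $row['hash']   = password_hash($password, PASSWORD_DEFAULT);
        $row['legacy'] = false;
    }
    return true;
}

// Unsalted SHA-256 is deterministic: the same password always gives the same digest.
var_dump(hash('sha256', 'correct horse') === hash('sha256', 'correct horse'));

// password_hash() generates a fresh salt per call, so two hashes of one password differ.
var_dump(password_hash('correct horse', PASSWORD_DEFAULT) === password_hash('correct horse', PASSWORD_DEFAULT));

// A correct login on the legacy account migrates it to password_hash().
var_dump(login($users, 'alice', 'correct horse'));
var_dump($users['alice']['legacy']);
var_dump(password_verify('correct horse', $users['alice']['hash']));

// A wrong password is rejected and leaves the stored hash untouched.
var_dump(login($users, 'bob', 'wrong'));
```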