Historically, password security in PHP has been a bit slippery, requiring a measure of knowledge and care. Aiming to change that, PHP 5.5 introduces a special password_hash() function which makes password security much easier, and with features such as automatic algorithm upgrading, even more robust. There’s also a compatibility library for PHP >= 5.3.7.

If you’ve ever looked at login code, the chances are you’ve seen developers using hash('sha256', $password), or even md5($password) to “secure” user passwords. Password hashes generated this way are laughably easy to crack; with weak algorithms and no salting or stretching in place you’re almost giving your passwords to an attacker who gains access.
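
The following is an added example, not code from the original post: it verifies a login with password_verify() and uses password_needs_rehash() to upgrade a stored hash, including a legacy unsalted md5() record of the kind described above. The login() function, the in-memory $users array and the sample passwords are hypothetical; it assumes PHP 5.6 or later for hash_equals().

```php
<?php
// Constructed sample data standing in for a user table (hypothetical storage).
$users = array(
    // Legacy record stored the weak way: unsalted, unstretched md5.
    'alice' => md5('correct horse'),
    // Modern record: salted, stretched hash in a self-describing format.
    'bob'   => password_hash('s3cret-passphrase', PASSWORD_DEFAULT),
);

/**
 * Check a login and upgrade the stored hash when it is legacy or outdated.
 * Returns true on success; $users is updated in place.
 */
function login(array &$users, $name, $password)
{
    if (!isset($users[$name])) {
        return false;
    }
    $stored = $users[$name];

    // Values not produced by password_hash() are reported as algoName "unknown".
    $info   = password_get_info($stored);
    $legacy = ($info['algoName'] === 'unknown');

    if ($legacy) {
        // Legacy path: recompute md5 and compare in constant time.
        $ok = hash_equals($stored, md5($password));
    } else {
        // password_verify() reads algorithm, cost and salt from the hash itself.
        $ok = password_verify($password, $stored);
    }
    if (!$ok) {
        return false;
    }

    // The plaintext is only available at login, so this is the moment to
    // re-hash: always for legacy records, otherwise when the default
    // algorithm or cost has changed since the hash was created.
    if ($legacy || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $users[$name] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

var_dump(login($users, 'alice', 'correct horse'));          // legacy record accepted
var_dump(password_get_info($users['alice'])['algoName']);   // no longer "unknown"
var_dump(login($users, 'bob', 'wrong-password'));           // rejected
```

Records of users who never log in again keep their weak hash, so track which rows are still in the legacy format and plan a forced reset for them.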


By admin