2017-03-24 06:30
浏览 59


Now with password_hash() in PHP >=5.6, do we need to also use BCRYPT to make the object/password more secured?

If yes, then could any one please describe how to store a password in registration page using password_hash() AND BCRYPT, and then how to retrieve information to login user on login page?

Sorry if anyone is offended by a beginner's limited knowledge. I am confused and didn't quite get the answer.


I got the idea now, there is no need to user BCRYPT/salt/pepper with password_hash() now as PHP creates its own random salt during runtime. The easiest step is to simply hash password using password_hash($passwordVariable) and for verification simply use password_verify($passwordEntered, $hashedPassword_fromDB). Thanks everyone.

  • 写回答
  • 好问题 提建议
  • 追加酬金
  • 关注问题
  • 邀请回答

2条回答 默认 最新

相关推荐 更多相似问题