dongzun9958 2017-03-24 06:30
浏览 59
已采纳

如何在PHP中使用带有password_hash()的BCRYPT

Now with password_hash() in PHP >=5.6, do we need to also use BCRYPT to make the object/password more secured?

If yes, then could any one please describe how to store a password in registration page using password_hash() AND BCRYPT, and then how to retrieve information to login user on login page?

Sorry if anyone is offended by a beginner's limited knowledge. I am confused and didn't quite get the answer.

UPDATE:

I got the idea now, there is no need to user BCRYPT/salt/pepper with password_hash() now as PHP creates its own random salt during runtime. The easiest step is to simply hash password using password_hash($passwordVariable) and for verification simply use password_verify($passwordEntered, $hashedPassword_fromDB). Thanks everyone.

  • 写回答

2条回答 默认 最新

  • douhu2525 2017-03-24 07:34
    关注

    The whole idea behind password_hash() is to always use an up-to-date hashing algorithm. Currently, the default algo. used is exactly BCRYPT. It even allows you to pass more options in order to make your password even more secure(for example your own salt or work factor). And what's even better, is that php also offers the password_needs_rehash() function that allows you to check later if a given hash was created using the current algo,and if not, you can just rehash the password. Check out the official php documentation page for pasword_hash(): http://php.net/manual/en/function.password-hash.php

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 如何在scanpy上做差异基因和通路富集?
  • ¥20 关于#硬件工程#的问题,请各位专家解答!
  • ¥15 关于#matlab#的问题:期望的系统闭环传递函数为G(s)=wn^2/s^2+2¢wn+wn^2阻尼系数¢=0.707,使系统具有较小的超调量
  • ¥15 FLUENT如何实现在堆积颗粒的上表面加载高斯热源
  • ¥30 截图中的mathematics程序转换成matlab
  • ¥15 动力学代码报错,维度不匹配
  • ¥15 Power query添加列问题
  • ¥50 Kubernetes&Fission&Eleasticsearch
  • ¥15 報錯:Person is not mapped,如何解決?
  • ¥15 c++头文件不能识别CDialog