December 23, 2016
password_hash() creates a new password hash using a strong one-way hashing algorithm. It is compatible with crypt(), so password hashes created by crypt() can be used with it.
The purpose behind hashing passwords is simple: preventing an attacker who compromises the database from gaining access to user accounts. The aim of password hashing is to deter a hacker or cracker by making it cost too much time or money to calculate the plain-text passwords. Time and cost are the best deterrents in your arsenal.
Another reason you want a good, robust hash on user accounts is to give you enough time to change all the passwords in the system. If your database is compromised, you will need enough time to at least lock the system down, if not change every password in the database.
When a password is only lowercase roman letters, that’s only 26 characters. That isn’t much variation. Alpha-numeric passwords are better, with 36 characters. But allowing upper and lower case, with symbols, is roughly 96 characters. That’s a lot better than just letters.
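# Example of hashing a password string with md5():
<?php
$wwws = '$welcome123'; // single quotes: inside double quotes PHP would parse $welcome123 as a variable
echo md5($wwws); // md5() is a fast, unsalted digest, not encryption
?>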
PASSWORD_DEFAULT: Use the bcrypt algorithm (default as of PHP 5.5.0). Note that this constant is designed to change over time as new and stronger algorithms are added to PHP. For that reason, the length of the result from using this identifier can change over time. Therefore, it is recommended to store the result in a database column that can expand beyond 60 characters (255 characters would be a good choice).
PASSWORD_BCRYPT: Use the CRYPT_BLOWFISH algorithm to create the hash. This will produce a standard crypt() compatible hash using the “$2y$” identifier. The result will always be a 60 character string, or FALSE on failure.
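The register, verify and re-hash flow around password_hash() described above, as an added example that is not code from the original article. The function names register_user() and login_user(), the in-memory $users array and the sample passwords and salt are hypothetical, constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: a hypothetical in-memory "users table".
// In a real schema the hash column would be VARCHAR(255), as recommended above.
$users = [];

function register_user(array &$users, string $name, string $password): void
{
    // PASSWORD_DEFAULT selects the current default algorithm; the salt is generated automatically.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    if (!is_string($hash)) {            // older PHP versions return false on failure
        throw new RuntimeException('password_hash() failed');
    }
    $users[$name] = $hash;
}

function login_user(array &$users, string $name, string $password): bool
{
    if (!isset($users[$name]) || !password_verify($password, $users[$name])) {
        return false;
    }
    // On a successful login, re-hash when the stored hash no longer matches the
    // current default algorithm or cost (for example after the default changes).
    if (password_needs_rehash($users[$name], PASSWORD_DEFAULT)) {
        register_user($users, $name, $password);
    }
    return true;
}

register_user($users, 'alice', '$welcome123');
printf("stored: %s (%d chars)\n", $users['alice'], strlen($users['alice']));
var_dump(login_user($users, 'alice', '$welcome123'));
var_dump(login_user($users, 'alice', 'wrong guess'));

// A hash produced directly by crypt() with a constructed "$2y$" salt is checked
// by the same password_verify() call inside login_user().
$users['bob'] = crypt('legacy-pass', '$2y$10$abcdefghijklmnopqrstuu');
var_dump(login_user($users, 'bob', 'legacy-pass'));

// Explicit bcrypt with a higher cost: slower to compute, so slower to brute-force.
$strong = password_hash('$welcome123', PASSWORD_BCRYPT, ['cost' => 12]);
var_dump(substr($strong, 0, 7), strlen($strong));
```

Because the salt and cost are stored inside the hash string itself, password_verify() needs only the candidate password and the stored hash.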
Coming in PHP 5.5 is a full password protection library that abstracts away any pains of working with bcrypt. While most of us are stuck with PHP 5.2 and 5.3 in most common environments, especially shared hosts.