- Trending Categories
- Data Structure
- Operating System
- C Programming
- Selected Reading
- UPSC IAS Exams Notes
- Developer's Best Practices
- Questions and Answers
- Effective Resume Writing
- HR Interview Questions
- Computer Glossary
- Who is Who
Encrypting Passwords in PHP
Due to the fact that Blowfish has vulnerabilities before PHP version 5.3.7, it would be suggested to use SHA-256 or SHA-512 instead. Both of them have a similar salt format similar to that of Blowfish (use a prefix of $5$ for SHA-256 and $6$ for SHA-512). In addition to this, it also contains an optional rounds parameter to force multiple hashing.
The salt on its own is a little shorter at only 16 characters but unlike Blowfish, it allows more than just alphanumeric characters.
echo 'SHA-256 (no rounds): ' . crypt('password-to-encrypt', '$5$YourSaltyStringz$'); echo 'SHA-512 (with rounds): ' . crypt('password-to-encrypt', '$6$rounds=1000$YourSaltyStringz$');
This will produce the following output −
SHA-256 (no rounds): $5$YourSaltyStringz$td0INaoVoMPD4kieVrkGE67siKj3N8.HSff8ep0Ybs8SHA-512 (with rounds): $6$rounds=1000$YourSaltyStringz$A5UHscsEbSnPnaV6PmSF5T/MQK.Wc3klA.18c.gXG5pD0PVYSVr/7xwRu1XJyn8XpiMDNRTvpJm5S8DkmSywz1
Similar to Blowfish, the resulting hashes will contain the salt as part of the resultant hash.
- How Do Hackers Steal Passwords?
- How to generateencryptdecrypt random passwords in linux
- Python Function to Check UNIX Passwords
- How You Can Secure All Your Passwords
- What you should know about VPN passwords?
- How to generate passwords with varying lengths in R?
- Print * in place of characters for reading passwords in C
- How to store usernames and passwords safely in MySQL database?
- How to Automatically Generate Random Secure Passwords in Google Chrome?
- Why is char preferred over String for storing passwords?