Encrypting Passwords in PHP


Because the Blowfish implementation has vulnerabilities in PHP versions before 5.3.7, SHA-256 or SHA-512 is suggested instead. Both use a salt format similar to that of Blowfish (a prefix of $5$ for SHA-256 and $6$ for SHA-512). The format also accepts an optional rounds parameter to force multiple rounds of hashing.

The salt itself is a little shorter, at only 16 characters, but unlike Blowfish it allows more than just alphanumeric characters.

Example

<?php
// crypt() picks the algorithm from the salt prefix: $5$ = SHA-256, $6$ = SHA-512
echo 'SHA-256 (no rounds): ' . crypt('password-to-encrypt', '$5$YourSaltyStringz$') . PHP_EOL;
echo 'SHA-512 (with rounds): ' . crypt('password-to-encrypt', '$6$rounds=1000$YourSaltyStringz$') . PHP_EOL;

Output

This will produce the following output:

SHA-256 (no rounds): $5$YourSaltyStringz$td0INaoVoMPD4kieVrkGE67siKj3N8.HSff8ep0Ybs8
SHA-512 (with rounds): $6$rounds=1000$YourSaltyStringz$A5UHscsEbSnPnaV6PmSF5T/MQK.Wc3klA.18c.gXG5pD0PVYSVr/7xwRu1XJyn8XpiMDNRTvpJm5S8DkmSywz1

Similar to Blowfish, the resulting hashes will contain the salt as part of the resultant hash.
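
Because the salt and rounds travel inside the hash, the stored string is all that is needed to check a password later. The following is an added example, not code from the original page: it generates a random 16-character salt, hashes with SHA-512 and a rounds parameter, and verifies by passing the stored hash back to crypt(). The function names are hypothetical and PHP 7+ is assumed.

```php
<?php
// Added example, not the page's code. Assumes PHP 7+ (random_bytes, hash_equals).

// Build a "$6$rounds=N$<salt>$" setting string with a random 16-character salt.
function make_sha512_setting(int $rounds): string
{
    // 12 random bytes encode to exactly 16 base64 characters, no padding.
    $salt = strtr(base64_encode(random_bytes(12)), '+', '.');
    return '$6$rounds=' . $rounds . '$' . $salt . '$';
}

function hash_password(string $password, int $rounds = 5000): string
{
    $hash = crypt($password, make_sha512_setting($rounds));
    if (strlen($hash) < 13) { // crypt() signals failure with a short string
        throw new RuntimeException('crypt() failed');
    }
    return $hash;
}

// The stored hash carries prefix, rounds and salt, so it serves as the salt argument.
function verify_password(string $password, string $stored): bool
{
    $candidate = crypt($password, $stored);
    return strlen($candidate) >= 13 && hash_equals($stored, $candidate);
}

// Split a stored hash into its fields; the rounds field is optional.
function parse_crypt_hash(string $stored): array
{
    $parts = explode('$', $stored); // '', id, [rounds=N], salt, digest
    $hasRounds = isset($parts[2]) && strpos($parts[2], 'rounds=') === 0;
    return [
        'id'     => $parts[1] ?? null,
        'rounds' => $hasRounds ? (int) substr($parts[2], 7) : null,
        'salt'   => $parts[$hasRounds ? 3 : 2] ?? null,
        'digest' => $parts[$hasRounds ? 4 : 3] ?? null,
    ];
}

$stored = hash_password('password-to-encrypt', 10000); // constructed sample input
print_r(parse_crypt_hash($stored));
var_dump(verify_password('password-to-encrypt', $stored)); // correct password
var_dump(verify_password('wrong-password', $stored));      // wrong password
```

hash_equals() compares the two strings in constant time, which avoids leaking how many leading characters of the hash matched.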

Updated on: 07-Apr-2020
