ITNewb.com: Encrypting Passwords with PHP for Storage Using the RSA PBKDF2 Standard

Mon, 21 Sep 2009 11:19:09 -0500

On the ITnewb.com site today there's a new tutorial looking at the encryption of passwords in your PHP apps using the RSA PBKDF2 standard - a "Password-Based Key Derivation Function" that uses a pseudorandom function/input with a salt run multiple times to produce your derived key.

When creating password hashes for storage, many programmers will run a password through MD5 once and call it a day, rendering those hashes very susceptible to attack if they're discovered. In this article, you'll learn how to create stronger hashes with PHP by using the RSA PBKDF2 Standard.

They create a quick function that takes in a few different values - the password to encrypt, a salt value, how many iterations to run, how long you want the derived key to be and which hash to use (in this case sha256).

PHPDeveloper.org

ITNewb.com: Encrypting Passwords with PHP for Storage Using the RSA PBKDF2 Standard