Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Shay Ben Moshe's Blog:
Hashing Passwords Properly
May 13, 2011 @ 08:47:42

Shay Ben Moshe has a new post to his blog looking at a method he's come up with for hashing passwords the proper way and saving them to a database for future checking. His encryption methods of choice crypt and a random salt generator.

The easy and common solution for this particular problem is to use an one-way hash function, such as md5 and sha1, which takes the password and encrypts it. Unfortunately, this method is not as strong as you may think. [...] We can protect our password from rainbow tables and similar attacks by using salts.

He talks about storing passwords in a database (never as plain text!) and what rainbow tables are and how they can make it simple for a user to break a poorly hashed value. He shows how to use the crypt function together with the sha512 hashing tool to make a salt.

tagged: password hashing crypt sha512 tutorial

Link: