
Oscar Merida's Blog:
Using bcrypt to store passwords
June 15, 2012 @ 10:52:41

Oscar Merida has a recent post on his blog about using bcrypt to store your application's user passwords more securely.

The LinkedIn password breach highlighted once again the risks associated with storing user passwords. I hope you are not still storing passwords in the clear and are using a one-way salted hash before storing them. But, the algorithm you choose to use is also important. [...] The choice, at the moment, seems to come down to SHA512 versus Bcrypt encryption.

[...] I wanted to switch one of my personal apps to use bcrypt, which on PHP means using Blowfish encryption via the crypt() function. There's no shortage of classes and examples for using bcrypt to hash a string. But I didn't find anything that outlined how to set up a database table to store usernames and passwords, salt and store passwords, and then verify a login request.

He shows how to set up a simple "users" table and the code for a "save_user" method that takes the username and password, generates a salt, and calls crypt() with the Blowfish prefix ($2a$) on the salt string. His login check function ("validate_user") then takes the user's input, hashes it the same way and checks the result.
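The flow summarized above, as an added example that is not Oscar Merida's code: the column names, the cost value and the in-memory SQLite database are assumptions, it targets PHP 7 or later, and it uses the $2y$ prefix that PHP 5.3.7 and later recommend over the $2a$ prefix the post describes.

```php
<?php
// Added example: column names, the cost value and the in-memory SQLite
// database are assumptions standing in for the post's "users" table.
const BCRYPT_COST = 10;

function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // A bcrypt string is 60 characters and embeds prefix, cost and salt,
    // so no separate salt column is needed.
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password CHAR(60) NOT NULL)');
    return $db;
}

function bcrypt_hash(string $password): string {
    // 16 random bytes -> 22 characters of the bcrypt alphabet (./A-Za-z0-9).
    $salt = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
    $hash = crypt($password, sprintf('$2y$%02d$%s', BCRYPT_COST, $salt));
    if (strlen($hash) !== 60) { // crypt() signals failure with a short "*0"/"*1" string
        throw new RuntimeException('bcrypt hashing failed');
    }
    return $hash;
}

function save_user(PDO $db, string $username, string $password): void {
    $stmt = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    $stmt->execute([$username, bcrypt_hash($password)]);
}

function validate_user(PDO $db, string $username, string $password): bool {
    $stmt = $db->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return false; // unknown user
    }
    // Passing the stored hash as the salt makes crypt() reuse its prefix,
    // cost and salt; hash_equals() compares the two strings in constant time.
    return hash_equals($stored, crypt($password, $stored));
}

$db = make_db();
save_user($db, 'alice', 'correct horse battery staple'); // constructed sample data
var_dump(validate_user($db, 'alice', 'correct horse battery staple'));
var_dump(validate_user($db, 'alice', 'wrong password'));
var_dump(validate_user($db, 'bob', 'anything'));
```

On PHP 5.5 and later, password_hash() and password_verify() wrap these same steps. bcrypt only uses the first 72 bytes of the password.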


All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework