When we give our password to an internet service, we assume that it's going to be safe. But is it?
How can we store passwords safely?
Hashing is the standard way of protecting a user's password before it is stored in a database, but not every hash function is suitable. General-purpose hashes such as MD5 and SHA-1 are fast by design, and when they are used unsalted an attacker can test billions of guesses per second on a GPU or look the hashes up in precomputed tables. MD5 is better than storing raw passwords, but it is not suited to password storage (and note that hashing is not encryption: a hash cannot be decrypted, only guessed). Switching to sha1() or hash(), or chaining them, adds no meaningful protection: the result is still a fast, unsalted hash. What is needed is a slow, salted scheme whose cost can be raised over time, which is what phpass provides.
A well-established choice is the bcrypt algorithm: every hash carries its own random salt, and its work factor can be increased as hardware gets faster. The open-source phpass library provides that functionality in an easy-to-use class. (On PHP 5.5 and later, the built-in password_hash() and password_verify() functions offer bcrypt without any library; phpass remains useful on older PHP versions.)
1. Download the library. All you need is the file PasswordHash.php.
2. Include the phpass library.
3. Initialize the hasher, passing the cost (the log2 of the bcrypt iteration count) and portable_hashes = false so that bcrypt is used rather than the weaker MD5-based "portable" scheme.
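The three steps above carried through, as an added example that is not from the original post or the phpass project: it hashes and verifies a password with phpass's PasswordHash class, and puts the result next to an unsalted md5() of the same password to show why the fast hash is unsafe. It assumes PasswordHash.php sits in the same directory; the user names and passwords are constructed sample data, and store_password()/verify_password() are wrapper names chosen here.

```php
<?php
// Added example, not code from the original post or from phpass.
// Assumption: PasswordHash.php (phpass) is in the same directory as this script.
require_once __DIR__ . '/PasswordHash.php';

// Cost = log2 of the bcrypt iteration count (10 => 2^10 = 1024 rounds).
// Tune it so one hash takes roughly 100 ms on your server, and raise it over time.
// Second argument false: prefer bcrypt over phpass's MD5-based "portable" hashes.
$hasher = new PasswordHash(10, false);

// Hash a password for storage. phpass silently falls back to weaker schemes
// (extended DES, then its portable MD5 scheme) if bcrypt is unavailable, so
// the caller checks that a real bcrypt string came back before storing it.
function store_password(PasswordHash $hasher, $password)
{
    $hash = $hasher->HashPassword($password);
    // A bcrypt hash is 60 characters and starts with $2a$, $2x$ or $2y$.
    if (strlen($hash) !== 60 || !preg_match('/^\$2[axy]\$/', $hash)) {
        throw new RuntimeException('bcrypt not available; refusing to store a weaker hash');
    }
    return $hash; // store this string as-is (a VARCHAR(255) column is plenty)
}

// Verify a login attempt against the stored hash. Salt and cost are read
// back out of the stored string, so nothing else needs to be saved.
function verify_password(PasswordHash $hasher, $password, $stored_hash)
{
    return $hasher->CheckPassword($password, $stored_hash);
}

// Constructed sample data: two users who happened to pick the same password.
$users = array(
    'alice' => 'correct horse battery staple',
    'bob'   => 'correct horse battery staple',
);

// Unsalted md5: identical passwords give identical hashes, so one cracked hash
// (or one lookup in a precomputed table) exposes every account that shares it.
foreach ($users as $name => $pw) {
    printf("%-6s md5    %s\n", $name, md5($pw));
}

// phpass/bcrypt: the two hashes differ because each has its own random salt,
// and every guess costs 2^10 bcrypt rounds instead of a single md5() call.
$stored = array();
foreach ($users as $name => $pw) {
    $stored[$name] = store_password($hasher, $pw);
    printf("%-6s bcrypt %s\n", $name, $stored[$name]);
}

// Login checks: the right password verifies, a wrong one does not.
if (!verify_password($hasher, 'correct horse battery staple', $stored['alice'])) {
    throw new RuntimeException('correct password failed to verify');
}
if (verify_password($hasher, 'wrong password', $stored['alice'])) {
    throw new RuntimeException('wrong password verified');
}
echo "verification behaves as expected\n";
```

Run it with `php example.php` in the directory that holds PasswordHash.php. The bcrypt check in store_password() matters: phpass does not raise an error when bcrypt is missing, so without it a misconfigured server would quietly store hashes that are far cheaper to crack.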