How to store passwords securely


When we give our password to an internet service, we assume that it's going to be safe. But is it?

How can we store passwords safely?

Hashing is the standard way of protecting a user’s password before it’s stored in a database. Many common hashing algorithms, such as md5 and even sha1, are unsafe for storing passwords because hackers can easily crack passwords hashed with them. md5 is better than storing raw passwords, but it is not well suited to password hashing because it can easily be broken. The sha1() and hash() functions are slightly more secure (especially in combination) but still don’t give as much protection against hackers as phpass.

The most secure way of hashing passwords is to use the bcrypt algorithm. The open-source phpass library provides that functionality in an easy-to-use class.

1. Download this library. All you need is the file PasswordHash.php
2. Include the phpass library: require("PasswordHash.php");
3. Initialize the hasher
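
The contrast drawn above between unsalted md5 and bcrypt, as an added example that is not part of the original post or of the phpass library: it uses PHP's built-in password_hash() API (PHP 5.5+, syntax here needs 7.1+) instead of phpass so that it runs without a download. The cost of 12, the sample password and the verify_and_upgrade() helper are assumptions made for illustration.

```php
<?php
// Added example (not from the original post): verify a login and upgrade
// weak or outdated stored hashes to bcrypt. Built-in PHP API, not phpass.

const BCRYPT_OPTIONS = ['cost' => 12]; // assumed work factor; tune to your hardware

// Hypothetical helper. Returns [bool $ok, ?string $newHash]; a non-null
// $newHash means the stored value should be replaced in the database.
function verify_and_upgrade(string $password, string $stored): array
{
    // Legacy row: an unsalted md5 digest is exactly 32 hex characters.
    if (preg_match('/^[0-9a-f]{32}$/i', $stored) === 1) {
        $ok = hash_equals(strtolower($stored), md5($password)); // constant-time compare
        return [$ok, $ok ? password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS) : null];
    }

    if (!password_verify($password, $stored)) {
        return [false, null];
    }

    // Valid bcrypt hash, but it may have been created with a lower cost.
    $new = password_needs_rehash($stored, PASSWORD_BCRYPT, BCRYPT_OPTIONS)
        ? password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS)
        : null;
    return [true, $new];
}

// Constructed sample data. Note that bcrypt only uses the first 72 bytes.
$password = 'correct horse battery staple';

// Unsalted md5: the same password always yields the same digest, so equal
// passwords are visible in the table and precomputed lookups work.
var_dump(md5($password) === md5($password));

// bcrypt: a random salt is embedded in each hash, so two hashes of the
// same password differ, yet both verify.
$a = password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
$b = password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
var_dump($a === $b, password_verify($password, $a), password_verify($password, $b));

// A legacy md5 row is upgraded on the next successful login.
[$ok, $newHash] = verify_and_upgrade($password, md5($password));
var_dump($ok, password_get_info($newHash)['algoName']);

// Wrong password against a bcrypt hash: rejected, nothing to store.
[$ok, $newHash] = verify_and_upgrade('guess', $a);
var_dump($ok, $newHash);
```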
