2
I don’t know much about hash
and security, I found two functional functions and I couldn’t figure out what the difference would be between them and therefore which is the safest one to save and capture passwords.
My question is which one should I use, password_hash
or crypt
? I know that the password_hash
uses internally the crypt
, That makes it more complete and safe?
Examples:
crypt:
$hash = crypt($pass); //criptografa
if(crypt($pass, $hash) == $hash) //verifica a senha
password_hash
$options = [
'cost' => 11,
'salt' => mcrypt_create_iv(50, MCRYPT_DEV_URANDOM),
];
$hash = password_hash($pass, PASSWORD_BCRYPT, $options); //criptografa
if (password_verify($pass, $hash)) //verifica senha
Related: How to hash passwords securely?
– Guilherme Nascimento