Password Protection in PHP


-2

I have a function implemented in my system that stores passwords as follows:

function codifica($usuario, $senha){
    $codifica = crypt($senha,$usuario);
    $codifica = hash('sha512',$codifica);
    return $codifica;
}

I’ve seen that people usually just use password_hash and password_verify.

I don’t know much about encryption and hashing. I wonder if the function I used is secure enough, or if I should stop everything I’m doing and implement password_hash() and password_verify().

1 answer

0


From what I understand, briefly:

The function I use is relatively safe, but password_hash raises security by generating random salts. The function mentioned generates a kind of salt using crypt() with the user and password, i.e., a fixed salt that can be attacked using rainbow tables (reverse lookup tables for hashes).

For those who want to know more, follow the link to the source in Portuguese: https://www.ibm.com/developerworks/br/library/wa-php-renewed_2/index.html
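
A migration path for the situation in the question, as an added example that is not part of the original question or answer: records hashed with codifica() are verified once at login and then re-stored with password_hash(). The helper verify_and_upgrade and the sample user and password are assumptions made for illustration.

```php
<?php
// Added example, not code from the question or the answer.

// Legacy scheme from the question, kept only to check hashes already stored.
function codifica($usuario, $senha) {
    $codifica = crypt($senha, $usuario);
    return hash('sha512', $codifica);
}

// Hypothetical helper: verifies a login against the stored value and, when
// the record should be upgraded, returns a fresh password_hash() string.
function verify_and_upgrade(string $usuario, string $senha, string $stored): array {
    // password_get_info() reports no algorithm for values password_hash() did not produce.
    $isLegacy = empty(password_get_info($stored)['algo']);
    if ($isLegacy) {
        // Constant-time comparison against the old fixed-salt hash.
        $ok = hash_equals($stored, codifica($usuario, $senha));
    } else {
        $ok = password_verify($senha, $stored);
    }
    $newHash = null;
    if ($ok && ($isLegacy || password_needs_rehash($stored, PASSWORD_DEFAULT))) {
        // password_hash() draws a new random salt on every call.
        $newHash = password_hash($senha, PASSWORD_DEFAULT);
    }
    return ['ok' => $ok, 'new_hash' => $newHash];
}

// Constructed sample data: one user whose record still holds a legacy hash.
$usuario = 'maria';
$senha   = 'correct horse battery staple';
$stored  = codifica($usuario, $senha);

$first = verify_and_upgrade($usuario, $senha, $stored);
if ($first['new_hash'] !== null) {
    $stored = $first['new_hash']; // in a real system: update the user's row here
}
$second = verify_and_upgrade($usuario, $senha, $stored);
$wrong  = verify_and_upgrade($usuario, 'wrong password', $stored);

printf("legacy login ok: %s, upgraded: %s\n",
    var_export($first['ok'], true), var_export($first['new_hash'] !== null, true));
printf("login after upgrade ok: %s, rehash needed: %s\n",
    var_export($second['ok'], true), var_export($second['new_hash'] !== null, true));
printf("wrong password ok: %s\n", var_export($wrong['ok'], true));
// Two password_hash() calls for the same password give different strings.
printf("hashes differ: %s\n",
    var_export(password_hash($senha, PASSWORD_DEFAULT) !== $first['new_hash'], true));
```

Because the upgrade happens at login, the plaintext password is available only at that moment; accounts that never log in again keep their legacy hash until they are reset.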
