Traditional encryption method:
md5 (password salt value);
$passwordString='your password';//你的密码 $salt="your salt value";//盐值,增加复杂度(随机字串) $md5Password=md5($passwordString.$salt);
Theoretically, md5 is irreversible and is a relatively safe encryption method. But I want to remind you that md5 was cracked by the Chinese as early as 2004. Once someone drags the database, the possibility of password leakage is extremely high.
Now recommend a new processing method:
Password hashing algorithm function
password_get_info — Returns the specified hash Information about (hash)
password_hash — Create a hash of a password (hash)
password_needs_rehash — Checks if the given hash matches the given options
password_verify — Verify whether the password matches the hash
PHP5.5 introduces the Password Hashing function, which comes with the kernel and does not require the installation of extensions. It is possible to test it under PHP5.4. It is best to confirm whether your current environment supports these functions before using it.
Password Hashing mainly provides 4 functions
//查看哈希值的相关信息 array password_get_info (string $hash) //创建hash密码 string password_hash(string $password , integer $algo [, array $options ]) //判断hash密码是否特定选项、算法所创建 boolean password_needs_rehash (string $hash , integer $algo [, array $options ] boolean password_verify (string $password , string $hash) //验证密码
Code demonstration:
$password = 'password123456';//原始密码 //使用BCRYPT算法加密密码 $hash_password = password_hash($password, PASSWORD_BCRYPT); if (password_verify($password , $hash_password)){ echo "密码匹配"; }else{ echo "密码错误"; }
Important features:
After encryption by password_hash The password is difficult to crack using the dictionary method because the password generated is different every time. This encryption can only be cracked using brute force.
Final reminder:
No matter how good the encryption method is, if the original password is set too simple, it will be easily cracked. Setting a complex password is the best way.
The above is the detailed content of [Hash Password] PHP is a more secure encryption method than md5. For more information, please follow other related articles on the PHP Chinese website!