what is an alternative to password_hash() for (PHP

2019-01-18 22:41发布

According to manual: password_hash this function can be used for (PHP 5 >= 5.5.0)

After searching for an alternative way I found this simple function from here: http://www.sitepoint.com/password-hashing-in-php/

function generateHash($password) {
    if (defined("CRYPT_BLOWFISH") && CRYPT_BLOWFISH) {
        $salt = '$2y$11$' . substr(md5(uniqid(rand(), true)), 0, 22);
        return crypt($password, $salt);
    }
}

I can manage my code by using function_exists before using, but My question is about above alternative code if its secure or not, or is there any alternative in older versions of PHP?

标签： php security hash passwords php-password-hash

2条回答

一纸荒年 Trace。

2楼-- · 2019-01-18 23:23

For versions of PHP > 5.3.7 but prior to 5.5.0, you can find an implementation of password_hash at https://github.com/ircmaxell/password_compat written by the same person that developed the version now implemented in PHP 5.5.0+ and deliberately intended to provide backward compatibility

0人赞添加讨论(0) 举报

Emotional °昔

3楼-- · 2019-01-18 23:32

For PHP versions < 5.3.7, I'd recommend:

http://www.openwall.com/phpass/

For PHP versions >= 5.3.7, use:

https://github.com/ircmaxell/password_compat

Generating your own salts takes a lot of know how, because a good, proper salt requires a lot of entropy. Generating this salt in PHP is troublesome, which is why you usually end up depending on other resources to provide this string for you, such as /dev/urandom or openssl_random_pseudo_bytes. Believe me, this isn't something you want to try yourself without serious research and consideration.

Using the new password_* API is recommended, but it can be problematic if you need to support older versions of PHP, which is where PHPass comes in. Gotta hate those $1 per month hosting plans with PHP 5.2

0人赞添加讨论(0) 举报

what is an alternative to password_hash() for (PHP

采纳回答

编辑标签

举报内容

检举类型

检举原因

检举说明(必填)

打开微信“扫一扫”，打开网页后点击屏幕右上角分享按钮

付费偷看金额在0.1-10元之间