Using hashing to securely store user passwords

Try searching StackOverflow before asking a question. It has already answered many questions. For instance:

Hi

I want no one to see my password even in the database.

So, I used a hash function like this

$password_hash = hash('sha1', $_POST['password']);

Now I can easily save this password_hash value in the database. It will be something like an encrypted form.

Now the user knows his initial password, he does not know this encrypted password.

Now, if he tries to log in through this original password, he cannot log in.

So, is there any method so that it can be decrypted and the user can log in? Thus, it can simultaneously receive both a password and a password.

How to do it?

+4
source share
6 answers

You need to hash the password the user enters and compare the hashes.

+13
source

All you have to do is encrypt your password and compare them; the hash in the database and the one you just encrypted. If they match, the password entered is correct. I assume that you are using an algorithm like SHA1.

+1
source

Before comparing the password entered by the user with the name in the database, encrypt the published password in the same way as the saved password.

+1
source

You do not need to decrypt it. You cannot convert a hash to plain text; it's a one-way function. So basically you hash the input password and compare the two hashes:

 Eg (pseudo code):-
 if hash(password entered by user) == password stored in database Then
     // logged in successfully
 else
     // login failed
 end if
+1
source

As already mentioned, you need to hash the password every time the user re-enters it, and compare the hash with what is in your database.

You should also explore the use of salt in your hash algorithm. There is a lot of discussion in this question:

Secure hash and salt for PHP passwords

+1
source
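
The salting advice above, combined with the hash-then-compare flow from the other answers, as an added example that is not part of the original thread. It uses PHP's built-in password_hash(), password_verify(), password_needs_rehash() and hash_equals(); the function names register_user and check_login and the sample password are hypothetical, and it assumes existing rows hold unsalted SHA-1 hex digests like the one in the question.

```php
<?php
// Added example, not code from the thread. Function names and sample data are hypothetical.

// Registration: password_hash() generates a random salt and embeds it,
// together with the algorithm and cost, in the string it returns.
function register_user(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Login: returns [bool $ok, ?string $newHash]. $newHash is non-null when the
// stored value should be replaced (legacy SHA-1 row or outdated parameters).
function check_login(string $entered, string $stored): array
{
    // Legacy row as produced by hash('sha1', ...): 40 hex characters, no salt.
    if (preg_match('/^[0-9a-f]{40}$/', $stored) === 1) {
        // hash_equals() compares in constant time and avoids loose "==" juggling.
        if (!hash_equals($stored, hash('sha1', $entered))) {
            return [false, null];
        }
        return [true, password_hash($entered, PASSWORD_DEFAULT)];
    }

    // Salted row: password_verify() reads the salt and cost from $stored.
    if (!password_verify($entered, $stored)) {
        return [false, null];
    }
    $newHash = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($entered, PASSWORD_DEFAULT)
        : null;
    return [true, $newHash];
}

// Constructed sample data.
$password = 'correct horse battery staple';

// Salted: two hashes of the same password differ, yet both verify.
$a = register_user($password);
$b = register_user($password);
var_dump($a !== $b, check_login($password, $a)[0], check_login('wrong', $a)[0]);

// A legacy SHA-1 row is accepted once and yields a salted replacement hash.
[$ok, $upgraded] = check_login($password, hash('sha1', $password));
var_dump($ok, password_verify($password, (string) $upgraded));
```

When check_login() returns a non-null second element, the caller writes it back to the user's row so the unsalted digest is no longer stored.
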

I highly recommend using md5() http://php.net/manual/en/function.md5.php .

When a user signs up, you save:

 $password = md5($_POST['password']); 

And when the user logs in, check:

 // Hash the submitted password the same way as at sign-up, then compare strictly
 if (md5($_POST['password_entered']) === $passwordFromDB) :
     // Log user in
 else :
     // Show error to user
 endif;
0
source

Source: https://habr.com/ru/post/1299322/

