Is Mcrypt out of date? - How to correctly encrypt and save a password in PHP?

I was told that PHP mcrypt is deprecated, and that I have to use a different method to hash and salt my passwords.

This is what I am doing now:

public function saveNewUser(array $data) {
  $passwd = $this->mysqli->real_escape_string($data['passwd']);
  $options = [
      'cost' => 11,
      'salt' => mcrypt_create_iv(22, MCRYPT_DEV_URANDOM)
  ];

  $hashed_passwd = password_hash($passwd, PASSWORD_BCRYPT, $options);
  $this->optin_hash = md5(rand());
  //...
  //save user in DB with hashed passwd
}

Login:

if (password_verify($_POST['user_password'], $result_row->gmw_usr_passwd)) {
  // do some login stuff
}

1.) What is the latest and most secure way to encrypt and save a password? Can you give an example of use or a link on how to correctly save the password for encryption and how to check it for login?

2.) In the PHP documentation, I read something about password_hash:

password_hash() creates a new password hash using a strong one-way hash algorithm. password_hash() is compatible with crypt(). Therefore, the password hashes generated by crypt() can be used with password_hash().

(...)

salt PHP 7.0.0. , .

2.a) password_hash , ?

2.b) ?

2.c) , , , ? ?

2.d) , password_hash?

EDIT: , , password_hash ( -).

Artjom B. mcrypt (?)

+4
1

, PHP PHP 7.0, password_hash , password_verify , .

, crypt(), , , , , ( rand ).

2b, , PHP , .

, _hash, , , password_verify.

, mcrypt , .

+5
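
A registration and login flow built on password_hash() and password_verify(), as an added example that is not part of the original question or answer. It omits the 'salt' option, which is deprecated as of PHP 7.0.0, so password_hash() generates the salt itself; the UserStore class, its method names and the in-memory array are hypothetical stand-ins for the database layer.

```php
<?php
declare(strict_types=1);

// Added example; UserStore, register() and login() are hypothetical names.
// A constructed in-memory array stands in for the users table.
final class UserStore
{
    // No 'salt' key: password_hash() draws a random salt from the CSPRNG.
    private const OPTIONS = ['cost' => 11];

    /** @var array<string, array{hash: string, optin: string}> */
    private array $rows = [];

    public function register(string $user, string $password): string
    {
        // Hash the raw password. SQL-escaping it first changes the bytes that
        // get hashed; store the resulting hash with a bound parameter instead.
        $hash = password_hash($password, PASSWORD_BCRYPT, self::OPTIONS);
        // Opt-in token from the CSPRNG instead of md5(rand()).
        $optin = bin2hex(random_bytes(16));
        $this->rows[$user] = ['hash' => $hash, 'optin' => $optin];
        return $optin;
    }

    public function login(string $user, string $password): bool
    {
        $row = $this->rows[$user] ?? null;
        if ($row === null || !password_verify($password, $row['hash'])) {
            return false;
        }
        // Re-hash on successful login when the cost or algorithm has changed.
        if (password_needs_rehash($row['hash'], PASSWORD_BCRYPT, self::OPTIONS)) {
            $this->rows[$user]['hash'] =
                password_hash($password, PASSWORD_BCRYPT, self::OPTIONS);
        }
        return true;
    }
}

$store = new UserStore();
$store->register('alice', "p@ss'word");        // constructed sample credentials
var_dump($store->login('alice', "p@ss'word")); // correct password
var_dump($store->login('alice', 'wrong'));     // wrong password
var_dump($store->login('bob', "p@ss'word"));   // unknown user
```

The salt, cost and algorithm are all encoded in the string that password_hash() returns, so a single column holding that string is everything password_verify() needs.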

Source: https://habr.com/ru/post/1658597/

