Password Hashing PHP 7

IMO picture IMO · Feb 8, 2017 · Viewed 13.7k times · Source

I am currently learning PHP and I have been looking through the forum for current thinking on how best to Hash passwords in PHP.

Can anyone advise on what is currently the best password hashing method to use. I have been told about PHPass, but are there better alternatives in 2017?

Thank you for any advice,

Ian

Answer

Jay Blanchard picture Jay Blanchard · Feb 8, 2017

You should never encrypt passwords, you should only hash them. Encryption implies that you can decrypt the password into a human readable form. You should never do that. Hashing is a one way street and once hashed a password cannot be recovered in human readable form.

Please use PHP's built-in functions password_hash() and password_verify()to handle password security. If you're using a PHP version less than 5.5 you can use the password_hash() compatibility pack. Make sure you don't escape passwords or use any other cleansing mechanism on them before hashing. Doing so changes the password and causes unnecessary additional coding.