Securing Passwords5:01 with Alena Holligan
There are many ways a user can secure their passwords when storing them in a database, however, bcrypt is the defacto standard.
password_hash() - PASSWORD_DEFAULT currently defaults to PASSWORD_BCRYPT and is used to create new password hashes using the CRYPT_BLOWFISH algorithm.
This will always result in a hash using the "$2y$" crypt format, which is always 60 characters wide.
- salt - to manually provide a salt to use when hashing the password. Note that this will override and prevent a salt from being automatically generated. If omitted, a random salt will be generated by password_hash() for each password hashed. This is the intended mode of operation.
- cost - which denotes the algorithmic cost that should be used. Examples of these values can be found on the crypt() page. If omitted, a default value of 10 will be used. This is a good baseline cost, but you may want to consider increasing it depending on your hardware.
More about the Modular Crypt Format (MCF)
You need to sign up for Treehouse in order to download course files.Sign up