Home > Article > Backend Development > PHP implements password encryption
This article mainly shares with you examples of how to implement password encryption in PHP. Due to the fast hash algorithm, it is not recommended to use the md5
function to obtain the password. password_hash() uses a strong hash algorithm. , to generate a strong enough salt value, and will automatically proceed to the appropriate round. password_hash() is a simple wrapper around crypt() and is fully compatible with existing password hashes. So it is recommended to use password_hash().
string password_hash ( string $password , integer $algo [, array $options ] )
boolean password_verify ( string $password , string $hash )
Example:
<?php$hash = password_hash("rasmuslerdorf", PASSWORD_DEFAULT); if (password_verify('rasmuslerdorf', $hash)) { echo 'Password is valid!'; } else { echo 'Invalid password.'; }
Do not set the salt value yourself when creating a password
Reason: It is strongly recommended not to generate the salt value (salt) for this function yourself. As long as it is not set, it will automatically create a safe salt value. As mentioned above, providing the salt option in PHP 7.0 results in a deprecation warning. The ability to manually provide salt values may be removed in future PHP releases.
Do a benchmark test on your own server and adjust the cost parameter until the function time overhead is less than 100 milliseconds (milliseconds).
Example:
<?php/** * 这个例子对服务器做了基准测试(benchmark),检测服务器能承受多高的 cost * 在不明显拖慢服务器的情况下可以设置最高的值 * 8-10 是个不错的底线,在服务器够快的情况下,越高越好。 * 以下代码目标为 ≤ 100 毫秒(milliseconds), * 适合系统处理交互登录。 */$timeTarget = 0.1; // 100 毫秒(milliseconds) $cost = 8;do { $cost++; $start = microtime(true); password_hash("test", PASSWORD_BCRYPT, ["cost" => $cost]); $end = microtime(true); } while (($end - $start) < $timeTarget); echo "Appropriate Cost Found: " . $cost;
Result:
Appropriate Cost Found: 10
Related recommendations:
php user password encryption algorithm analysis
Several ways of password encryption in PHP_php examples
php password encryption speed is slow
The above is the detailed content of PHP implements password encryption. For more information, please follow other related articles on the PHP Chinese website!