Created
October 19, 2022 15:43
-
-
Save cba85/17e0a7e37ffbaa7a2e0fbaa788d67ac4 to your computer and use it in GitHub Desktop.
Password hashing in PHP (For demonstration purpose only)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
// For demonstration purpose only | |
// Tester de trouver les mots de passe sur https://crackstation.net | |
$password = 'webstart'; | |
// MD5 | |
echo md5($password); | |
if ($password === md5($password)) { | |
echo 'logged'; | |
} | |
// SHA1 | |
echo sha1($password); | |
// Hash | |
echo hash('sha256', $password); | |
// Salt | |
$salt = 'abcdef'; | |
$randomSalt = 'xyz'; | |
$salted = md5($password . $salt . $randomSalt); | |
echo $salted; | |
$dbPassword = '...'; | |
if ($dbPassword === $salted) { | |
echo 'logged'; | |
} | |
// Bcrypt / Argon2 | |
/* | |
SECURED | |
http://php.net/manual/en/function.crypt.php | |
http://php.net/manual/en/book.password.php | |
*/ | |
$hash = password_hash($password, PASSWORD_DEFAULT, [ | |
'cost' => 12, | |
]); | |
echo $hash; | |
var_dump(password_get_info($hash)); | |
if (password_verify($password, $hash)) { | |
if (password_needs_rehash($hash, PASSWORD_DEFAULT)) { | |
echo 'Needs rehash'; | |
echo $newHash = password_hash($password, PASSWORD_DEFAULT); | |
// Store the new hash | |
} | |
echo 'logged'; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment