Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Thankfully people have realized this in settings like PHP leading them to drop the old suggested password hashing method... which at this point I can't recall, but it involved setting up salts manually and making sure you had a strong IV... which no common web devs would do.

Now you've just got to call these two:

https://www.php.net/manual/en/function.password-hash.php

https://www.php.net/manual/en/function.password-verify.php

and if you really want to tweak things you can, but the simple route is moderately secure



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: