The safest way to handle user passwords is to use encrypted storage rather than plaintext saving. 1. Use PHP's password_hash() function to encrypt passwords, and the Bcrypt algorithm is used by default, without manually specifying salt values; 2. Use password_verify() to compare constant time during login verification to prevent timing attacks; 3. You can improve encryption strength by adjusting cost parameters, while paying attention to performance balance; 4. If you need algorithm upgrade, you can use password_needs_rehash() to migrate to Argon2 and other safer algorithms; 5. Avoid using md5, sha1, crypt or custom encryption logic to eliminate plaintext or unified salt value storage. Each step ensures that the password is still difficult to crack after it is leaked.

The safest way to handle user passwords is not to simply save them, but to ensure that even if data is leaked, the user's password will not be easily cracked. In PHP, it is not complicated to do this, just use the right method.

Use password_hash() to store password

PHP provides a very convenient function: password_hash() , which is specially used to securely encrypt user passwords. This function uses the Bcrypt algorithm by default, which is enough to meet the needs of most scenarios.

You just need to write this:

 $hashedPassword = password_hash($userInputPassword, PASSWORD_DEFAULT);

where $userInputPassword is the plaintext password entered by the user. The generated hash value can be stored directly in the database.

Small details: Don't specify salt yourself, let password_hash() automatically generate. Manually managing salt is not only prone to errors, but may also reduce security.

Verify login with password_verify()

When the user logs in, the password cannot be directly compared. The correct way is to verify the password entered by the user and the hash value saved in the database:

 if (password_verify($userInputPassword, $storedHash)) {
    // The password is correct} else {
    // Password error}

This function will automatically process the hashing algorithm and salt values, and you do not need to disassemble or process the hash string yourself.

Note: password_verify() is a constant-time comparison that can prevent timing attacks.

Regularly update password policies and algorithm configurations

Although PASSWORD_DEFAULT points to Bcrypt by default, if you have higher security requirements, you can manually adjust the cost parameter to increase the calculation intensity:

 $options = [
    'cost' => 12,
];
$hashedPassword = password_hash($password, PASSWORD_DEFAULT, $options);

However, too high costs will also affect server performance, so it is recommended to select the appropriate cost value based on the actual server configuration.

In addition, with the development of technology, there may be better algorithms to replace Bcrypt in the future. For example, if you need to migrate to Argon2 (PHP 7.2 support) one day, you can use PASSWORD_ARGON2I or other variants.

During migration, you can use the password_needs_rehash() function to determine whether re-encryption is required:

 if (password_needs_rehash($storedHash, PASSWORD_DEFAULT, ['cost' => 12])) {
    $newHash = password_hash($password, PASSWORD_DEFAULT, ['cost' => 12]);
    // Update password hash in the database}

List of things you shouldn't do

• ? Do not use md5() , sha1() or crypt() , these methods are no longer safe.
• ? Don’t store passwords explicitly, even if you think “the system will not be exposed.”
• ? Do not encrypt all users' passwords with the same salt.
• ? Don't try to implement password encryption logic yourself.

Basically that's it. It may seem simple, but every step is crucial.

The above is the detailed content of Describe the secure way to handle user passwords in php.. For more information, please follow other related articles on the PHP Chinese website!