Crypt passwords in the DB
https://stackoverflow.com//questions/12667557
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I was looking about best practice for password protect, everybody are talking about bcrypt and others hashing classes. But I can't get how To verify password if it contains unique random salt .
For cookies its fine, but without em - each time would be unique crypted value, how can I verify users password with random values? Oo . Or bcrypt only for cookies? Then what I should do with password in db?
Please describe to me my mistakes - what I've lost when learning about it.
Solution
The bcrypt algorithm creates a random salt that is stored as part of the hash in a standardised way.
See How do you use bcrypt for hashing passwords in PHP? for a working example.
See also:
(edited heavily since my answer was wrong before)
OTHER TIPS
There will be a group of function in the next php version, for details see the accepted RFC.
Anthony, the author of the RFC and the patch was kind enough to provide a compatibility library written in php so you can start using this new functionality now!
Behind the scenes it uses crypt with the strongest algorythm currently known.
