Hash - What is it?
A hash is a string or number generated from a string of text. The result has a fixed length and changes drastically with even small differences in the input. The best hash algorithms are designed so that it is computationally infeasible to recover the original string from the hash.
Why should I hash passwords provided by my app users?
Password hashing is one of the primary security considerations when designing any application that accepts passwords from users. Without hashing, any passwords stored in the application database can be stolen if the database is compromised (for example via a database dump), and then immediately used to compromise not only your app, but also user accounts on other services if those users do not use unique passwords.
NB! It is recommended to use BCrypt or Argon2i hashes; Argon2i is the latest winner of the Password Hashing Competition (July 2015).
By applying a hashing algorithm to user passwords before storing them in your database, you make it infeasible for an attacker to determine the original password, while you can still compare a password supplied later against the stored hash.
It is important to note, however, that password hashing only protects passwords from being read out of your data store (e.g. a raw database dump); it does not necessarily protect them from being intercepted by malicious code injected into the application itself.
- NEVER store plain text passwords in your database.
- If you prefer to supply your own salts, always use a different salt for each password.
- Use the PHP PASSWORD_DEFAULT algorithm so that you always get the latest recommended version of the hash.
- Slow down password entry to fight brute forcing, for example: record IP addresses and block an address for 5 minutes after 10 failed attempts, or simply use a captcha.
- Serve your website over SSL/TLS (https) to encrypt data in transit and prevent man-in-the-middle attacks.
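The hash / verify / rehash cycle these recommendations describe, as an added example in PHP (not this site's code). It assumes PHP 7.2 or later; the `$users` array and the `registerUser` / `loginUser` functions are hypothetical stand-ins for a real user table and your application's own code.

```php
<?php
declare(strict_types=1);

// Hypothetical in-memory "users" table: username => stored password hash.
// In a real application this would be a database column, never plain text.
$users = [];

function registerUser(array &$users, string $username, string $password): void
{
    // PASSWORD_DEFAULT selects the algorithm PHP currently recommends (bcrypt
    // today) and generates a fresh random salt on every call, so two users
    // with the same password still get different hashes.
    $users[$username] = password_hash($password, PASSWORD_DEFAULT);
}

function loginUser(array &$users, string $username, string $password): bool
{
    // For an unknown user, verify against a freshly made dummy hash so the
    // response time does not reveal which usernames exist.
    $exists = isset($users[$username]);
    $stored = $exists ? $users[$username] : password_hash('dummy', PASSWORD_DEFAULT);

    // password_verify() reads the algorithm, cost and salt from the hash itself.
    if (!password_verify($password, $stored) || !$exists) {
        return false;
    }

    // On a successful login, transparently upgrade hashes that were made with
    // an older algorithm or cost than the current PASSWORD_DEFAULT.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $users[$username] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

// Constructed sample run.
registerUser($users, 'alice', 'correct horse battery staple');
var_dump(loginUser($users, 'alice', 'correct horse battery staple'));
var_dump(loginUser($users, 'alice', 'wrong password'));
var_dump(loginUser($users, 'nobody', 'anything'));
echo $users['alice'], PHP_EOL;
```

Rate limiting and captchas from the list above are not shown here; they belong in front of `loginUser`, keyed on the client IP address or account.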