0
1
Mitul Dabhi
answered Nov 30 '-1 00:00
Bcrypt stand for blowfish encryption , bcrypt used for password hashing function .
implementation in PHP
echo password_hash("password", PASSWORD_BCRYPT);
BCRYPT, will produce a 60 character hash result. and it always start with "$2y$".
echo password_hash("password", PASSWORD_DEFAULT);
md5 — md5() function Calculates the MD5 hash of str using the » RSA Data Security, Inc. MD5 Message-Digest Algorithm in PHP.
it will produce 32-character hexadecimal number
i perfer BCRYPT to encrypt the password over the md5() because md5 produce 32-character hexadecimal number and BCRYPT, will produce a 60 character hash result , more character result means more security
php.net says ::
For Your Info(FYI)
Why are common hashing functions such as md5() and sha1() unsuitable for passwords?
Hashing algorithms such as MD5, SHA1 and SHA256 are designed to be very fast and efficient. With modern techniques and computer equipment, it has become trivial to "brute force" the output of these algorithms, in order to determine the original input.
Because of how quickly a modern computer can "reverse" these hashing algorithms, many security professionals strongly suggest against their use for password hashing.
0
ravi
answered Nov 30 '-1 00:00
if you use md5 with salt its great , its easy to reverse it with salt .
or use crypt function to generate salty password
$hashed_password = crypt('password');
if (hash_equals($hashed_password, crypt($_POST['password'], $hashed_password))) {
echo "Password verified!";
}
blowfish is generally seen a secure hashing algorithm