Asked 7 years ago
11 Feb 2017
pratik posted

bcrypt vs md5

bcrypt vs md5 in PHP: which one is good to use to encrypt the password?
Mitul Dabhi
answered

Bcrypt stands for Blowfish encryption; bcrypt is used as a password hashing function.

Implementation in PHP:


echo password_hash("password", PASSWORD_BCRYPT);

BCRYPT will produce a 60-character hash result, and it always starts with "$2y$".


echo password_hash("password", PASSWORD_DEFAULT);


md5: the md5() function calculates the MD5 hash of str using the RSA Data Security, Inc. MD5 Message-Digest Algorithm in PHP.
It will produce a 32-character hexadecimal number.


I prefer BCRYPT to encrypt the password over md5() because md5 produces a 32-character hexadecimal number and BCRYPT will produce a 60-character hash result; more characters in the result means more security.

php.net says:
For your info (FYI):

Why are common hashing functions such as md5() and sha1() unsuitable for passwords?

Hashing algorithms such as MD5, SHA1 and SHA256 are designed to be very fast and efficient. With modern techniques and computer equipment, it has become trivial to "brute force" the output of these algorithms, in order to determine the original input.

Because of how quickly a modern computer can "reverse" these hashing algorithms, many security professionals strongly suggest against their use for password hashing.

ravi
answered

If you use md5 with salt it's great; it's easy to reverse it with salt.
Or use the crypt function to generate a salted password.


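// crypt() requires an explicit salt since PHP 8.0; "$2y$10$" plus 22 salt characters selects bcrypt at cost 10.
$salt = '$2y$10$' . substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
$hashed_password = crypt('password', $salt);
// Re-hash the submitted password with the stored hash as salt and compare in constant time.
if (hash_equals($hashed_password, crypt($_POST['password'], $hashed_password))) {
   echo "Password verified!";
}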


Blowfish is generally seen as a secure hashing algorithm.
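
A login check built from the functions both answers mention, as an added example that is not part of the original posts: it verifies a password against either a legacy md5() digest or a password_hash() value and returns the bcrypt hash to store afterwards. The function name verify_and_upgrade, the cost of 12 and the sample values are assumptions made for this example.

```php
<?php
declare(strict_types=1);

// Assumed work factor for this example; tune it to what your server can afford per login.
const BCRYPT_OPTIONS = ['cost' => 12];

/**
 * Hypothetical helper: check a login against the stored hash.
 * Returns the hash to keep in the database (possibly upgraded),
 * or null when the password is wrong.
 */
function verify_and_upgrade(string $stored, string $password): ?string
{
    // Legacy row: an unsalted md5() digest is exactly 32 lowercase hex characters.
    if (preg_match('/^[0-9a-f]{32}\z/', $stored) === 1) {
        if (!hash_equals($stored, md5($password))) {
            return null;
        }
        // Correct password: replace the MD5 digest with a salted bcrypt hash.
        return password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
    }
    // password_verify() reads algorithm, cost and salt from the "$2y$..." string itself.
    if (!password_verify($password, $stored)) {
        return null;
    }
    // Re-hash when the stored hash was created with a different cost than the current one.
    if (password_needs_rehash($stored, PASSWORD_BCRYPT, BCRYPT_OPTIONS)) {
        return password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
    }
    return $stored;
}

// Constructed sample rows (not real credentials).
$legacy  = md5('password');                                           // old MD5 row
$oldCost = password_hash('password', PASSWORD_BCRYPT, ['cost' => 8]); // low-cost bcrypt row

// Legacy MD5 row: a wrong password is rejected, the right one yields a bcrypt hash.
var_dump(verify_and_upgrade($legacy, 'wrong'));
$upgraded = verify_and_upgrade($legacy, 'password');
var_dump(strlen($legacy), strlen($upgraded), substr($upgraded, 0, 4));

// Low-cost bcrypt row: the returned hash carries the current cost.
var_dump(password_get_info(verify_and_upgrade($oldCost, 'password'))['options']);

// Salting: md5() of the same input repeats, password_hash() output does not,
// yet password_verify() accepts every one of those bcrypt hashes.
var_dump(md5('password') === $legacy);
var_dump(password_hash('password', PASSWORD_BCRYPT) === $upgraded);
var_dump(password_verify('password', $upgraded));
```

In an application the caller writes the returned hash back to the user's row whenever it differs from the stored one.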