Il modo migliore per accedere alle password hash in PHP 5.3.5

3

Qual è il modo migliore per accedere alle password hash in PHP 5.3.5? Poiché in questa versione non ha password_hash() .

    
posta Pablo De Luca 24.02.2016 - 08:03
fonte

1 risposta

4

Se puoi aggiornare la versione di PHP è meglio farlo, ma a volte gli hosting condivisi hanno versioni precedenti di PHP come la tua che non supportano password_hash() .

Phpass sembra adattarsi bene in questo caso.

phpass (pronounced "pH pass") is a portable public domain password hashing framework for use in PHP applications. It is meant to work with PHP 3 and above, and it has actually been tested with at least PHP 3.0.18 through 5.4.x so far. (PHP 3 support is likely to be dropped in next revision.)

The preferred (most secure) hashing method supported by phpass is the OpenBSD-style Blowfish-based bcrypt, also supported with our public domain crypt_blowfish package (for C applications), and known in PHP as CRYPT_BLOWFISH, with a fallback to BSDI-style extended DES-based hashes, known in PHP as CRYPT_EXT_DES, and a last resort fallback to MD5-based salted and variable iteration count password hashes implemented in phpass itself (also referred to as portable hashes).

Nota: se hai la versione PHP di > = 5.3.7 puoi anche utilizzare password_compat

    
risposta data 24.02.2016 - 08:56
fonte

Leggi altre domande sui tag