AJugOrNot Posted July 4, 2013 Share Posted July 4, 2013 Hi everyone, sorry if this post doesn't have proper English, I'm really tired. So I know that php 5.5 uses some new type of encryption that is automatically a php function and is better because it is cracked slower (I think its bcrypt or something like that) I have tried looking online for the "best" way to save passwords, but every time I find a post I see another user saying that the last method just posted is easily crackable or shouldn't be used. From what I have read online, it seems the method used in the PHP and MySQL for Dynamic Web Sites book is not the most secure currently. While PHP 5.5 has the bcrypt, the hosting company I am with only allows php 5.3. What are some best practices currently in 5.3? I also have Effortless E-Commerce and I am going through that book currently. If there is an "acceptable" method in there just tell me to keep reading. Link to comment Share on other sites More sharing options...
Jonathon Posted July 4, 2013 Share Posted July 4, 2013 This is a decent way to store passwords. http://php.net/manual/en/function.hash-hmac.php 1 Link to comment Share on other sites More sharing options...
Guest Deleted Posted July 7, 2013 Share Posted July 7, 2013 Download and include this file and you'll be able to use the new password hashing stuff without having php 5.5: https://github.com/ircmaxell/password_compat/blob/master/lib/password.php If you need help using it, let me know. Link to comment Share on other sites More sharing options...
Recommended Posts