Which is the most slowest hash function in PHP?
Or, to put it in another way, what hash function(s) in PHP are specifically designed for password storage?
Asked
Active
Viewed 1,510 times
3
-
1You can simply take a fast hash function and apply it again and again, until the process is slow enough for you liking. – sth Apr 28 '12 at 13:15
-
Possible duplicate of http://stackoverflow.com/questions/253673/recommended-hash-for-passwords-in-asp-classic – nullpotent Apr 28 '12 at 13:19
-
@sth: Indeed, that has the added benefit of being able to update the already computed hashes with more and more iterations and keep it slow enough over the time. – Alix Axel Apr 28 '12 at 13:58
1 Answers
3
I believe bcrypt is the slowest hashing algorithm currently available and is why it is most commonly recommended for hashing passwords. Here's a PHP 5.3 implementation.
Community
- 1
- 1
John Conde
- 217,595
- 99
- 455
- 496
-
I've been seeing bcrypt once in a while for sometime now and I'm wondering why there is no native support in PHP for this seemingly best approach when it comes to password hashing? Or is bcrypt more of an idea and can be implemented in several ways? – IMB Apr 28 '12 at 13:36
-
It's an algorithm that can therefore be implemented in countless ways. Native support would be a good idea, because attackers would certainly use the fastest method available, and you are otherwise stuck in a relatively slow implementation in PHP (which won't help responsiveness or CPU usage on your servers). – Maarten Bodewes May 05 '12 at 14:43