PHP/SQL - Password and Email security (theory)

Question

Possible Duplicate:
Best way to encode passwords in PHP

I've been reading a lot of things about password and email hashing and I am not quiet sure I figure out what is the best method. It's clear that md5 and SHA are outdated and pretty useless but when it comes to all the crypt's, mcrypt_encrypt, hash(), etc.:

which one is an effective way of secure PASSWORDS AND EMAILS nowadays?;(maybe A BEST way?)
can I use the same method for both?;

Really appreciated if someone could give me some advise.

score 0 · Accepted Answer · answered Jul 22 '12 at 10:25

Have a look at this blog. It as good information about password hashing.

http://blog.ircmaxell.com/search/label/Password-Hashing

The author also has a password hashing library, which only uses quality, vetted algorithms.

That note aside, you should use bcrypt, or PBKDF2 for password hashing.

As for email encryption, PGP/GPG is your best bet for cross compatible/supported email encryption.

score 0 · Answer 2 · edited May 23 '17 at 12:10

0

You should read this question Secure hash and salt for PHP passwords and this one How do you use bcrypt for hashing passwords in PHP?.

Both questions have more than 170 upvotes.

edited May 23 '17 at 12:10

Community

1
1

answered Jul 22 '12 at 10:30

Romain

6,322
3
35
40

PHP/SQL - Password and Email security (theory)

2 Answers2