Modern php hashing algorithm

Question

I'm developing a new system and I wondered if my oldschool phpass is still the best option for hashing in php?

I'm looking for the best security, and I heard that blowfish is outdated. DES is old.

So what will you guys recommend for a new php system? I need something that is future-proof as replacing the algorithm after the release is a pain.

Thanks in advance.

Modern PHP uses the built-in password_hash()/password_verify() functions; when it doesn't even matter if the algorithm is changed by future versions of PHP — Mark Baker, Aug 28 '15 at 13:48
@MarkBaker beat me to it for the second time today. This has to stop :p — , Aug 28 '15 at 13:58

score 3 · Accepted Answer · edited May 23 '17 at 10:29

3

PHP 5.5 has a built in password_hash() and password_verify() function and it is very powerful.

Make sure your php version is 5.5 or above before you try to implement it.

edited May 23 '17 at 10:29

Community

answered Aug 28 '15 at 13:56

3

But note that you can use the [userland implementation](https://github.com/ircmaxell/password_compat) from PHP >= 5.3.7 – Mark Baker Aug 28 '15 at 14:01
Okay. tried that password_hash function and it seems to work great. now trying to verify it. Thank you! – W. John Aug 28 '15 at 14:12

score -1 · Answer 2 · answered Aug 28 '15 at 13:53

-1

You can look at Mhash php extention, mhash() and SHA-512 as algorythm

answered Aug 28 '15 at 13:53

Alex Kobzin

From that manual page: "Note: This extension is obsoleted by Hash." That's not exactly modern. – Scott Arciszewski Aug 28 '15 at 18:21

2 Answers2