Howto safely store a password
Posted on
Howto safely store a password using ZF2
- MD5() + salt is not secure anymore, dictionary attacks can be performed much faster with modern CPU + cloud environments
- A secure alternative is the bcrypt algorithm
- Bcrypt uses Blowfish cipher + iterations to generate secure hash values
- Bcrypt is secure against brute force or dictionary attacks because is slow, very slow (that means attacks need huge amount of time to be completed)
//add this to your class
use ZendCryptPasswordBcrypt;
//Setup the encryption class
$bcrypt = new Bcrypt();
//Encrypt the password
$hash = $bcrypt->create(‘password’);
//Verify password
if ($bcrypt->verify(‘password’, $hash)){
//correct password
}