Koen Hollander Koen Hollander - 1 month ago 5
PHP Question

What is the best way to protect a password in the database?

There are a lot of possible password security options.

So you have

password_hash

md5

SHA1

And much much more

So, what is really the most secure and fastest way to protect a password in the database? And why?

Answer

password_hash() - because it does everything without leaving anything for you, the coder, to do wrong. it automatically generates salt, uses the best hashing-algorithm available to your current PHP-installation and is easy to use, while password_verify() is backwards compatible, no matter what hash may have been used in an earlier version.

also, i don't know about SHA1, but MD5 definitely isn't cryptographically secure anymore for years. meaning, in short, that you cannot reconstruct a password from it, but an educated attacker could.