PHP Password Hashing Tutorial

In this 8-minute video tutorial on PHP Password Hashing, you’ll learn how to improve your authentication code by taking passwords out of cleartext.

This video is from Think Vitamin Membership, a high-quality video training site, curated by us at Carsonified and Think Vitamin, with hundreds of short videos on topics like …

10 new videos are added every week, so it’s a great way to stay up-to-date on all the latest technology and methods. Browse the entire library of videos.

Comments

5 comments on “PHP Password Hashing Tutorial”

  1. While using hashed passwords is certainly better than keeping them as plaintext fields, it is also significantly less secure than easily available alternatives such as using bcrypt.

    Mostly this is because if someone is able to steal your users table (and presumably the salts for the hashes as well), it is incredibly fast to compare the hashed values to precomputed hashes of passwords.

    The recent Gawker password leaks fell victim to a form of this style of attack.

    Bcrypt is sloowww, so if the worst happens and someone gets your user table they’ll die of natural causes before being able to compare the encrypted passwords to potential matches.

    • Interesting alternative for sites with small amounts of users. I doubt it would have helped with Gawker etc, as they have huge user numbers.

      In my opinion hashing and user education have to go hand in hand. More details here: http://post.ly/1L92U
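
The trade-off discussed in the comments above, as an added example that is not from the video or from any commenter: it measures what one password check costs under a salted fast hash and under bcrypt. Salted SHA-256 stands in for "a salted hash" (the video's own scheme is not shown on this page), and the password, guess list and cost value are constructed for the example.

```php
<?php
declare(strict_types=1);

// Constructed sample data; the password and guess list are made up for this example.
$password = 'correct horse battery staple';
$guesses  = ['123456', 'password', 'letmein', 'qwerty', 'monkey'];

// Scheme A: salted fast hash (SHA-256 used here as a stand-in).
$salt     = bin2hex(random_bytes(16));
$fastHash = hash('sha256', $salt . $password);

// Scheme B: bcrypt via password_hash(); salt and cost are stored inside the hash string.
$cost       = 12; // assumed work factor; tune it to your own hardware
$bcryptHash = password_hash($password, PASSWORD_BCRYPT, ['cost' => $cost]);

// Average wall-clock time to check one candidate password against a stored hash.
function secondsPerGuess(callable $check, array $guesses): float
{
    $start = microtime(true);
    foreach ($guesses as $guess) {
        $check($guess);
    }
    return (microtime(true) - $start) / count($guesses);
}

$fast = secondsPerGuess(
    fn(string $g): bool => hash_equals($fastHash, hash('sha256', $salt . $g)),
    $guesses
);
$slow = secondsPerGuess(
    fn(string $g): bool => password_verify($g, $bcryptHash),
    $guesses
);

printf("salted sha256:  %.6f s per check\n", $fast);
printf("bcrypt cost %d: %.6f s per check\n", $cost, $slow);

// Login path: verify first, then upgrade the stored hash if the cost has since been raised.
$targetCost = $cost + 1;
if (password_verify($password, $bcryptHash)
    && password_needs_rehash($bcryptHash, PASSWORD_BCRYPT, ['cost' => $targetCost])) {
    $bcryptHash = password_hash($password, PASSWORD_BCRYPT, ['cost' => $targetCost]);
}
```

The per-check cost is paid once per login by the site but once per candidate password by anyone holding a stolen table, which is why raising the cost factor matters more than the number of users.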