PHP Password Hashing Tutorial

writes on January 5, 2011



In this 8-minute video tutorial on PHP Password Hashing, you’ll learn how to improve your authentication code by taking passwords out of cleartext.

Screengrab of video on PHP Password Hashing

This video is from Think Vitamin Membership, a high-quality video training site, curated by us at Carsonified and Think Vitamin, with hundreds of short videos on topics like …

10 new videos are added every week, so it’s a great way to stay up-to-date on all the latest technology and methods. Browse the entire library of videos.

5 Responses to “PHP Password Hashing Tutorial”

  1. Michaelbuckbee on January 5, 2011 at 5:36 pm said:

    While using hashed passwords is certainly better than keeping them as plaintext fields, it is also significantly less secure than easily available alternatives such as using bcrypt.

    Mostly this is because if someone is able to steal your users table (and presumably the salts for the hashes as well), it is incredibly fast to compare the hashed values to precomputed hashes of passwords.

    The recent Gawker password leaks fell victim to a form of this style of attack.

    Bcrypt is sloowww, so if the worst happens and someone gets your user table they’ll die of natural causes before being able to compare the encrypted passwords to potential matches.

    • Interesting alternative for sites with small numbers of users. I doubt it would have helped with Gawker etc., as they have huge user numbers.

      In my opinion hashing and user education have to go hand in hand. More details here: http://post.ly/1L92U

  2. Tyfteeyf on January 6, 2011 at 11:47 am said:


  3. Thanks, this is opening some new ideas for me.
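
The first comment's point about fast hashes versus bcrypt, as an added example that is not from the video or the commenters: it times how quickly candidate passwords can be checked against a salted SHA-256 hash and against a bcrypt hash made with PHP's built-in `password_hash()`, then shows a login check that upgrades older hashes. The sample password, the cost values and the function names `guessesPerSecond` and `checkLogin` are assumptions chosen for illustration; it needs PHP 7.4 or later.

```php
<?php
// Added example. The password below is constructed sample data.
$password = 'correct horse battery staple';

// Scheme A: one round of a fast hash with a per-user salt.
$salt = bin2hex(random_bytes(16));
$fast = hash('sha256', $salt . $password);

// Scheme B: bcrypt. The salt and cost are embedded in the returned string,
// so a single column stores everything password_verify() needs.
// Note: PASSWORD_BCRYPT only uses the first 72 bytes of the password.
$cost = 12; // assumed work factor; tune it to your own hardware
$slow = password_hash($password, PASSWORD_BCRYPT, ['cost' => $cost]);

// How many candidate passwords per second can be checked against one stored hash?
function guessesPerSecond(callable $check, int $rounds): float
{
    $start = microtime(true);
    for ($i = 0; $i < $rounds; $i++) {
        $check("candidate-$i");
    }
    return $rounds / (microtime(true) - $start);
}

$fastRate = guessesPerSecond(fn($g) => hash_equals($fast, hash('sha256', $salt . $g)), 200000);
$slowRate = guessesPerSecond(fn($g) => password_verify($g, $slow), 5);
printf("salted SHA-256: %.0f checks/s\nbcrypt cost %d: %.1f checks/s\n", $fastRate, $cost, $slowRate);

// Login check that also upgrades hashes created with a lower cost.
// Returns [bool $ok, ?string $newHashToStore].
function checkLogin(string $submitted, string $storedHash, int $cost): array
{
    if (!password_verify($submitted, $storedHash)) {
        return [false, null];
    }
    $options = ['cost' => $cost];
    $rehash = password_needs_rehash($storedHash, PASSWORD_BCRYPT, $options)
        ? password_hash($submitted, PASSWORD_BCRYPT, $options)
        : null;
    return [true, $rehash];
}

$old = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]); // legacy hash at a lower cost
[$ok, $newHash] = checkLogin($password, $old, $cost);
var_dump($ok, $newHash !== null);
var_dump(checkLogin('wrong guess', $old, $cost)[0]);
```

The per-user salt in scheme A already defeats precomputed tables; the gap between the two printed rates is what the work factor adds on top of that.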
