LearnPHP Password Hashing Tutorial

Treehouse

Treehouse
writes on January 5, 2011

In this 8-minute video tutorial on PHP Password Hashing, you’ll learn how to improve your authentication code by taking passwords out of cleartext.

Screengrab of video on PHP Password Hashing

This video is from Think Vitamin Membership, a high-quality video training site, curated by us at Carsonified and Think Vitamin, with hundreds of short videos on topics like …

10 new videos are added every week, so it’s a great way to stay up-to-date on all the latest technology and methods. Browse the entire library of videos.

5 Responses to “PHP Password Hashing Tutorial”

  1. Thanks, this is opening some new ideas for me.

  2. Tyfteeyf on January 6, 2011 at 11:47 am said:

    b2cshop.us
    

  3. Michaelbuckbee on January 5, 2011 at 5:36 pm said:

    While using hashed passwords is certainly better than keeping them as plaintext fields, it is also significantly less secure than easily available alternatives such as using bcrypt.

    Mostly this is because if someone is able to steal your users table (and presumably the salts for the hashes as well), it is incredibly fast to compare the hashed values to precomputed hashes of passwords.

    The recent Gawker password leaks fell victim to a form of this style of attack.

    Bcryprt is sloowww, so if the worst happens and someone gets your user table they’ll die of natural causes before being able to compare the encrypted passwords to potential matches.

Leave a Reply

You must be logged in to post a comment.

man working on his laptop

Are you ready to start learning?

Learning with Treehouse for only 30 minutes a day can teach you the skills needed to land the job that you've been dreaming about.

Start a Free Trial
woman working on her laptop