Ask HN: Which method/algorithm do you use to securely hash password in PHP? - startupflix
======
thaumaturgy
Since PHP 5.5, the answer has been:

    
    
        $hash = password_hash($password, PASSWORD_BCRYPT)
    

and

    
    
        password_verify($password, $hash)
    

These are a part of the PHP standard library and should be available in any
PHP installation >= 5.5: [https://secure.php.net/manual/en/function.password-
hash.php](https://secure.php.net/manual/en/function.password-hash.php)

If you're stuck with an older version of PHP, you should try to upgrade it. If
you really really can't, the answer gets more complicated, but you can still
store and compare a bcrypt'd hash.

~~~
startupflix
Thank you so much.

------
bufferoverflow
Bcrypt / SHA256 / SHA512 / Scrypt are all fine.

Don't forget to salt.

~~~
startupflix
thank you :)

