What are the limitations of using MD5 hashing for password storage in terms of security and vulnerability to brute-force attacks?
Using MD5 hashing for password storage is not secure because it is vulnerable to brute-force attacks and rainbow table attacks. To improve security, it is recommended to use stronger hashing algorithms like bcrypt or Argon2, which are specifically designed for securely hashing passwords.
// Hashing a password using bcrypt
$password = "password123";
$hashedPassword = password_hash($password, PASSWORD_BCRYPT);
// Verifying a password
$enteredPassword = "password123";
if (password_verify($enteredPassword, $hashedPassword)) {
echo "Password is correct";
} else {
echo "Password is incorrect";
}
Related Questions
- What best practices should be followed when creating custom sorting functions in PHP?
- What are best practices for securely managing database connection details in PHP applications to prevent unauthorized access?
- What is the significance of the error message "Fatal error: Unparenthesized `a ? b : c ? d" in PHP scripts?