Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Encrypting Passwords with PHP for Storage Using the RSA PBKDF2 Standard
Sep 21, 2009 @ 11:19:09

On the ITnewb.com site today there's a new tutorial looking at the encryption of passwords in your PHP apps using the RSA PBKDF2 standard - a "Password-Based Key Derivation Function" that uses a pseudorandom function/input with a salt run multiple times to produce your derived key.

When creating password hashes for storage, many programmers will run a password through MD5 once and call it a day, rendering those hashes very susceptible to attack if they're discovered. In this article, you'll learn how to create stronger hashes with PHP by using the RSA PBKDF2 Standard.

They create a quick function that takes in a few different values - the password to encrypt, a salt value, how many iterations to run, how long you want the derived key to be and which hash to use (in this case sha256).

tagged: tutorial storage password rsa pbkdf2 standard