Use password_hash() instead of crypt()
From the crypt page: password_hash() uses a strong hash, generates a strong salt, and applies proper rounds automatically. password_hash() is a simple crypt() wrapper and compatible with existing password hashes. Use of password_hash() is encouraged.
Ideally, use it with Argon instead of bcrypt since the latter truncates passwords to 72 chars.
Do not set a max password length.
Or at the very least, set it to a sane number. 20 is ridiculously small, and subject to ridicule. 64 should be the smallest max length one should consider.
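A sketch of the migration this issue asks for, as an added example that is not part of the original issue or the project's code: existing crypt() hashes are still verified, then re-hashed with the preferred algorithm on the next successful login. The helper names and the sample hash are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: choose Argon2id when this PHP build has it, else bcrypt.
function preferred_algo()
{
    // PASSWORD_ARGON2ID is only defined when PHP was compiled with Argon2 support.
    return defined('PASSWORD_ARGON2ID') ? PASSWORD_ARGON2ID : PASSWORD_BCRYPT;
}

// Hash a new password; password_hash() generates the salt and cost parameters.
function hash_new_password(string $password): string
{
    return password_hash($password, preferred_algo());
}

/**
 * Check a login attempt against the stored hash.
 * Returns [bool $ok, ?string $newHash]; a non-null $newHash should replace
 * the stored hash in the user table.
 */
function verify_and_upgrade(string $password, string $storedHash): array
{
    // password_verify() understands hashes produced by crypt(), so legacy rows keep working.
    if (!password_verify($password, $storedHash)) {
        return [false, null];
    }
    // True when the stored hash uses a different algorithm or cost than the preferred one.
    if (password_needs_rehash($storedHash, preferred_algo())) {
        return [true, hash_new_password($password)];
    }
    return [true, null];
}

// Constructed sample data: a long passphrase (no maximum length is enforced)
// and a legacy SHA-512 hash as older crypt()-based code might have stored it.
$password = str_repeat('correct horse battery staple ', 3);
$legacy   = crypt($password, '$6$rounds=5000$constructedsalt$');

[$ok, $newHash] = verify_and_upgrade($password, $legacy);
var_dump($ok, password_get_info($newHash)['algoName']);

// A second login against the upgraded hash verifies and needs no further rehash.
[$okAgain, $rehash] = verify_and_upgrade($password, $newHash);
var_dump($okAgain, $rehash);

// A wrong password is rejected and never triggers a rehash.
var_dump(verify_and_upgrade('wrong password', $newHash));
```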