I do not know much about hash
and security, I found two functional functions and I did not know what the difference would be between them and consequently which is the safest way to save and capture passwords.
My question is which one should I use, password_hash
or crypt
? I know that password_hash
internally uses crypt
, does this make it more complete and secure?
Examples:
crypt:
$hash = crypt($pass); //criptografa
if(crypt($pass, $hash) == $hash) //verifica a senha
password_hash
$options = [
'cost' => 11,
'salt' => mcrypt_create_iv(50, MCRYPT_DEV_URANDOM),
];
$hash = password_hash($pass, PASSWORD_BCRYPT, $options); //criptografa
if (password_verify($pass, $hash)) //verifica senha