Yes, technically, you should be using Argon2 or Bcrypt or PBKDF2.
Argon2 is actually really secure.
Argon2 is a modern, ASIC-resistant and GPU-resistant secure key derivation function. It has better password-cracking resistance (when configured correctly) than PBKDF2, Bcrypt and Scrypt (for similar configuration parameters for CPU and RAM usage).
If anyone here uses md5, sha512, sha256, or any weird hashing algorithms, I'll be upset.
This was me when I started PHP:
$password = md5(md5(md5(md5($_GET['password']))));
The correct way:
$password = password_hash($_POST["password"], PASSWORD_ARGON2I);
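Added example (not code from the original post): verifying a login with password_verify() and moving rows that still hold the nested-md5 value over to Argon2 the next time the user logs in. The names verify_and_upgrade, legacy_md5_chain and ALGO are hypothetical, and the sample password is constructed; it assumes PHP 7.2 or later built with Argon2 support.

```php
<?php
declare(strict_types=1);

// Added example, not the post's code. Function and constant names are hypothetical.
// Assumes PHP >= 7.2 built with Argon2 support.
const ALGO = PASSWORD_ARGON2I;

// The legacy scheme shown in the post: four nested, unsalted md5 calls.
function legacy_md5_chain(string $password): string
{
    return md5(md5(md5(md5($password))));
}

// Checks a login attempt. Returns [ok, newHash]; newHash is non-null when
// the stored value should be replaced in the database.
function verify_and_upgrade(string $password, string $stored): array
{
    // Legacy rows are bare 32-character hex digests.
    if (preg_match('/^[0-9a-f]{32}$/', $stored) === 1) {
        if (!hash_equals($stored, legacy_md5_chain($password))) {
            return [false, null];
        }
        // Correct password: re-hash now, while the plaintext is available.
        return [true, password_hash($password, ALGO)];
    }
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    // Re-hash if the algorithm or cost parameters changed since this hash was made.
    $new = password_needs_rehash($stored, ALGO) ? password_hash($password, ALGO) : null;
    return [true, $new];
}

// Constructed sample: one legacy row, a login that migrates it, then two more logins.
$stored = legacy_md5_chain('correct horse battery');
[$ok, $new] = verify_and_upgrade('correct horse battery', $stored);
$stored = $new ?? $stored;
echo "migrated: ", var_export($ok, true), PHP_EOL;
// password_hash() draws a random salt per call and embeds it, with the
// parameters, in the returned string, so no separate salt column is needed.
echo "stored:   ", $stored, PHP_EOL;
echo "good pw:  ", var_export(verify_and_upgrade('correct horse battery', $stored)[0], true), PHP_EOL;
echo "bad pw:   ", var_export(verify_and_upgrade('wrong guess', $stored)[0], true), PHP_EOL;
```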
Top comments (2)
Do you consider salted hashing to prevent a rainbow table attack or something?
:) I saw that argon2 has a default salt generator. php.net/manual/en/function.passwor...