September 16, 2015
PHP: Encrypting User Passwords - How to store passwords safely with PHP and MySQL
Do not store passwords as plain text
Do not try to invent your own password security
Do not ‘encrypt’ passwords
Do not use MD5
Do not use a single site-wide salt
What you should do
Use a cryptographically strong hashing function like bcrypt (see PHP’s crypt() function).
Use a random salt for each password.
Use a slow hashing algorithm to make brute force
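The recommendations above, as an added example that is not code from the original post. It uses PHP's built-in password_hash() (PHP 5.5+) instead of calling crypt() directly; the cost of 12, the function names and the in-memory $users array standing in for a MySQL table are assumptions.

```php
<?php
// $users is a constructed stand-in for a MySQL table with a VARCHAR(255) hash column.
const BCRYPT_OPTIONS = ['cost' => 12]; // assumed work factor; tune to your hardware

function register_user(array &$users, string $name, string $password): void
{
    // password_hash() draws a fresh random salt on every call and embeds the
    // algorithm, cost and salt in the returned 60-character string, so no
    // separate salt column is needed. bcrypt only uses the first 72 bytes.
    $users[$name] = password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
}

function login(array &$users, string $name, string $password): bool
{
    // Unknown users are checked against a dummy hash so that both paths
    // pay the same bcrypt cost and response time does not reveal valid names.
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash('dummy-password', PASSWORD_BCRYPT, BCRYPT_OPTIONS);
    }
    $known = isset($users[$name]);
    $hash  = $known ? $users[$name] : $dummy;

    // password_verify() re-derives the hash using the salt and cost stored
    // inside $hash and compares in constant time.
    $ok = password_verify($password, $hash) && $known;

    // If the configured cost was raised since this hash was stored, upgrade
    // it now, while the plaintext is available.
    if ($ok && password_needs_rehash($hash, PASSWORD_BCRYPT, BCRYPT_OPTIONS)) {
        $users[$name] = password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
    }
    return $ok;
}

// Constructed sample data: two users who chose the same password.
$users = [];
register_user($users, 'alice', 'correct horse battery staple');
register_user($users, 'bob', 'correct horse battery staple');

var_dump($users['alice'] === $users['bob']); // per-password salts: compare the two stored hashes
var_dump(login($users, 'alice', 'correct horse battery staple'));
var_dump(login($users, 'alice', 'wrong password'));
var_dump(login($users, 'mallory', 'anything'));  // user that was never registered
```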