w3hello.com logo
Home PHP C# C++ Android Java Javascript Python IOS SQL HTML videos Categories
PHP - Using a one-time pad to store encrypted passwords

What you would do with the one-time pad is encrypting the password. Encrypting passwords is not optimal, because however you do it, you will be able to decrypt the password. Your application itself must have access to the key (or the keys since every one-time pad can only encrypt a single password), so can do an attacker if he has enough privileges.

That's why we use hash functions to store passwords, they are one-way, you can check if an entered password results in the same hash, but you cannot get the original password back. PHP offers the function password_hash() to generate such hash-values, it handles all the pitfalls with generating random salts and uses the slow BCrypt to hash passwords.

© Copyright 2018 w3hello.com Publishing Limited. All rights reserved.