HOW TO USE PASSWORD HASHING AND SALTING FOR SECURITY IN PHP
Salting means adding a random value to the password before hashing it, so that precomputed rainbow tables cannot be used to reverse the hashes.
Goal: store passwords safely and ensure that even if the database is compromised, the original passwords cannot be recovered.
2. PHP Password Hashing (Simple Example)
<?php
// User password input (the null coalescing operator avoids a warning when the field is missing)
$password = $_POST['password'] ?? '';
// Hash the password using PHP's password_hash(); the result is one string that
// contains the algorithm, the cost and a random salt, so it can be stored as-is
$hashed_password = password_hash($password, PASSWORD_DEFAULT);
// Save $hashed_password to the database (a VARCHAR(255) column leaves room for future algorithms)
echo "Password hashed successfully: $hashed_password";
?>
Explanation:
PASSWORD_DEFAULT selects the strongest hashing algorithm available in the installed PHP version (usually bcrypt); it may change in future releases, which is why the stored string records which algorithm was used.
Hashing automatically generates a unique random salt and stores it inside the hash string, so there is no need to create or store one manually.
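To see where that internal salt lives, the following added example (not code from the original article) hashes the same password twice and splits each bcrypt string into its algorithm, cost, salt and digest fields. The sample password is constructed for the demonstration, and parse_bcrypt() is a helper written here, not a PHP built-in.

```php
<?php
// Added example: shows that password_hash() embeds a fresh random salt in every
// hash, so two hashes of the same password differ while both still verify.

function hash_twice(string $password): array {
    return [
        password_hash($password, PASSWORD_BCRYPT),
        password_hash($password, PASSWORD_BCRYPT),
    ];
}

// Hypothetical helper: split "$2y$10$<22-char salt><31-char digest>" into its fields.
function parse_bcrypt(string $hash): array {
    if (!preg_match('#^\$(2[aby])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$#', $hash, $m)) {
        throw new InvalidArgumentException('Not a bcrypt hash');
    }
    return [
        'algorithm' => $m[1],
        'cost'      => (int) $m[2],
        'salt'      => $m[3],
        'digest'    => $m[4],
    ];
}

$password = 'correct horse battery staple'; // constructed sample input
[$h1, $h2] = hash_twice($password);

printf("Same password, different hashes: %s\n", $h1 !== $h2 ? 'yes' : 'no');
printf("Both verify: %s\n",
    (password_verify($password, $h1) && password_verify($password, $h2)) ? 'yes' : 'no');

foreach ([$h1, $h2] as $h) {
    $parts = parse_bcrypt($h);
    printf("algorithm=%s cost=%d salt=%s\n", $parts['algorithm'], $parts['cost'], $parts['salt']);
}

// password_get_info() reports the algorithm and cost without parsing by hand.
print_r(password_get_info($h1));
```

Because the salt is part of the stored string, password_verify() can read it back later; a separate salt column in the database is therefore unnecessary.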
3. Verifying Password on Login
<?php
// Assume $hashed_password was loaded from the database for this user
$input_password = $_POST['password'] ?? '';
if (password_verify($input_password, $hashed_password)) {
    echo "Login successful!";
} else {
    echo "Invalid password!";
}
?>
password_verify() reads the algorithm, cost and salt out of the stored hash, recomputes the hash of the input and compares the two in constant time, so the application never has to handle the salt itself.
4. Advanced Salting (Optional)
PHP's password_hash() already generates a unique salt for every hash, so manual salting is usually unnecessary.
If you still want an application-level value on top of it:
$salt = bin2hex(random_bytes(16));
$hashed = password_hash($password . $salt, PASSWORD_DEFAULT);
Store both $hashed and $salt in the database.
On login, append the same salt to the input before calling password_verify(): password_verify($input_password . $salt, $hashed).
Two caveats: bcrypt only uses the first 72 bytes of its input, so a long password followed by a 32-character salt can be silently truncated; and a value stored in the same table as the hash only adds protection if the attacker cannot read it together with the hash, so the extra layer is worth more when the value is kept outside the database.
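The following added example (not the original article's code) develops the same idea in the form that actually adds a layer: a single secret "pepper" kept outside the database, applied with HMAC before password_hash(). The environment variable name PASSWORD_PEPPER and the hard-coded fallback are assumptions for the example; in production the fallback would not exist.

```php
<?php
// Added example: pepper kept outside the database instead of a per-user salt
// stored next to the hash. HMAC-SHA256 turns any password into 64 hex
// characters, so the bcrypt 72-byte input limit is never hit regardless of
// password length.

// Assumption: PASSWORD_PEPPER is set in the environment (e.g. by the web
// server config). The fallback only exists so this example runs stand-alone.
function get_pepper(): string {
    $pepper = getenv('PASSWORD_PEPPER');
    return $pepper !== false ? $pepper : 'example-only-pepper-change-me';
}

// Bind the password to the secret pepper before it reaches bcrypt.
function pre_hash(string $password): string {
    return hash_hmac('sha256', $password, get_pepper());
}

function hash_with_pepper(string $password): string {
    return password_hash(pre_hash($password), PASSWORD_DEFAULT);
}

function verify_with_pepper(string $password, string $storedHash): bool {
    return password_verify(pre_hash($password), $storedHash);
}

$stored = hash_with_pepper('hunter2');            // constructed sample; only this goes in the DB
var_dump(verify_with_pepper('hunter2', $stored)); // correct password
var_dump(verify_with_pepper('hunter3', $stored)); // wrong password

// Without the pepper the stored hash alone is not enough to check a guess,
// which is exactly what protects a leaked database dump.
var_dump(password_verify('hunter2', $stored));
```

Rotating the pepper invalidates every stored hash, so treat it like any other long-lived secret: store it in configuration or a secrets manager, never in the users table.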
5. Best Practices
Never store plain passwords: always hash.
Use password_hash() and password_verify(): they are the built-in PHP best practice.
Avoid custom hashing (e.g., md5, sha1): these are fast, unsalted and insecure for passwords.
Optional salting: already done internally, but an application-level secret can add an extra layer.
Rehash if the algorithm or cost changes: password_needs_rehash() tells you when, and login is the moment to do it because the plaintext is available then.
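Putting the last two points together, this added example (not from the original article) is a complete login function that verifies a password and transparently upgrades an old hash to the current cost. The in-memory $users array, the user "alice", her password and the cost values are constructed for the demonstration; a real application would replace the array accesses with database queries.

```php
<?php
// Added example: verify-then-rehash on login, with a dummy hash for unknown
// users so the response time does not reveal which usernames exist.

const HASH_ALGO    = PASSWORD_DEFAULT;
const HASH_OPTIONS = ['cost' => 12];   // raise as hardware gets faster

// Constructed sample table: alice's hash was created earlier with a lower cost.
$users = [
    'alice' => ['hash' => password_hash('s3cret', PASSWORD_BCRYPT, ['cost' => 10])],
];

function login(array &$users, string $username, string $password): bool {
    static $dummy = null;
    $dummy ??= password_hash('dummy-password', HASH_ALGO, HASH_OPTIONS);

    // Always run password_verify(), even for unknown users.
    $stored = $users[$username]['hash'] ?? $dummy;
    $ok = password_verify($password, $stored);
    if (!$ok || !isset($users[$username])) {
        return false;
    }

    // Plaintext is only available here, so upgrade the hash now if needed.
    if (password_needs_rehash($stored, HASH_ALGO, HASH_OPTIONS)) {
        $users[$username]['hash'] = password_hash($password, HASH_ALGO, HASH_OPTIONS);
    }
    return true;
}

$before = $users['alice']['hash'];
var_dump(login($users, 'alice', 'wrong'));    // wrong password
var_dump(login($users, 'alice', 's3cret'));   // correct password, triggers rehash
var_dump(login($users, 'bob', 's3cret'));     // unknown user

echo "Hash upgraded: ", $before !== $users['alice']['hash'] ? 'yes' : 'no', "\n";
echo "Current cost: ", password_get_info($users['alice']['hash'])['options']['cost'], "\n";
```

The rehash step is what makes the "PASSWORD_DEFAULT may change" note harmless: users simply get the new algorithm or cost the next time they sign in, with no forced password reset.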
6. Conclusion
Password hashing and salting are critical for user security.
PHP makes it easy and secure through password_hash() and password_verify().
Always combine them with input validation, HTTPS, and secure database storage.
Visit:
https://www.faulink.com/
For more tutorials on PHP, password security, and best practices for web applications.