PHP Securitywise为什么md5不再被认为是安全的？

简单来说……

您可以很好地利用PHP 5.5中的password_hash()以及crypt()那些是目前为止考虑的更好的.

从PHP手册中获取的password_hash()的简单说明

<?php
$options = [
    'cost' => 12,];
echo password_hash("rasmuslerdorf",PASSWORD_BCRYPT,$options)."n";
?>

使用BLOWFISH算法的地穴的简单说明

if (CRYPT_BLOWFISH == 1) {
    echo 'Blowfish:     ' . crypt('rasmuslerdorf','$2a$07$usesomesillystringforsalt$') . "n";
}

编辑：

为什么你不应该使用md5()？

Hashing algorithms such as MD5,SHA1 and SHA256 are designed to be
very fast and efficient. With modern techniques and computer
equipment,it has become trivial to “brute force” the output of these
algorithms,in order to determine the original input. Because of how
quickly a modern computer can “reverse” these hashing algorithms,many
security professionals strongly suggest against their use for password
hashing.

为什么在PHP 5.5上使用password_hash()？

When hashing passwords,the two most important considerations are the
computational expense,and the salt. The more computationally
expensive the hashing algorithm,the longer it will take to brute
force its output. PHP 5.5 provides a native password hashing API which is the password_hash() that
safely handles both hashing and verifying passwords in a secure
manner.

Source