I am beginning the process of implementing password encryption for User's on my future site (The site is not live or available yet).
I have been reading up on hashing passwords and storing them in the database.
My question are as follows:
- I believe it has said that once hashed, the password is stored as plain text and not reversable - I take this to mean that it cannot be viewed by me in its original state, the original User password. Is this correct?
- The online PHP manual suggests using password_hash() or crypt(); This is an aspect of programming/PHP which is new to me. Do I have to include any sort of files or set-up server side in order to get this to function?
- When a password is hashed, is it always the same character length? I ask this as I would need to know a length in order to store it correctly in the DB.
Any other input would help greatly.
Thank you in advance!