YouTip LogoYouTip

Php Password_Hash

# PHP password_hash() Function [![Image 3: PHP Password Hashing Algorithm](#)PHP Password Hashing Algorithm](#) The password_hash() function is used to create a hash of a password. PHP Version Requirement: PHP 5 >= 5.5.0, PHP 7 ### Syntax string password_hash ( string $password , int $algo [, array $options ] ) password_hash() creates a hash of a password using a sufficiently strong one-way hashing algorithm. password_hash() is compatible with crypt(). Therefore, password hashes created by crypt() can also be used with password_hash(). **Currently Supported Algorithms:** * **`PASSWORD_DEFAULT`** - Uses the bcrypt algorithm (default in PHP 5.5.0). Note that this constant will change as PHP adds newer, stronger algorithms. Therefore, the length of the result generated using this constant will change in the future. Thus, the database column storing the result should be able to hold more than 60 characters (255 characters is recommended). * **`PASSWORD_BCRYPT`** - Creates a hash using the **`CRYPT_BLOWFISH`** algorithm. This will produce a hash compatible with crypt() using "$2y$". The result will be a 60-character string, or **`FALSE`** on failure. * **`PASSWORD_ARGON2I`** - Creates a hash using the Argon2 hashing algorithm. **Options Supported by PASSWORD_BCRYPT:** * salt (string) - Manually provide a salt for the password hash. This will prevent the automatic generation of a salt. If this value is omitted, password_hash() will automatically generate a random salt for each password hash. This is the intended behavior. Note: The salt option has been deprecated since PHP 7.0.0. It is now recommended to simply use the default generated salt. * cost (integer) - Represents the cost used by the algorithm. Examples of cost values can be found on the crypt() page. If omitted, the default value is 10. This cost is a good baseline, but you might increase it based on your hardware capabilities. **Options Supported by PASSWORD_ARGON2I:** * _memory_cost_ (integer) - The maximum memory (in bytes) used to compute the Argon2 hash. Default: **`PASSWORD_ARGON2_DEFAULT_MEMORY_COST`**. * _time_cost_ (integer) - The maximum time (in seconds) allowed to compute the Argon2 hash. Default: **`PASSWORD_ARGON2_DEFAULT_TIME_COST`**. * _threads_ (integer) - The maximum number of threads used to compute the Argon2 hash. Default: **`PASSWORD_ARGON2_DEFAULT_THREADS`**. Parameter Description: * password: A hash value created by password_hash(). * algo: A password algorithm constant used to indicate the algorithm when hashing the password. * options: An associative array containing options. Currently, two options are supported: salt, the salt (interference string) added when hashing the password, and cost, which specifies the number of iterations of the algorithm. Examples of these values can be found on the crypt() page. If omitted, a random salt and the default cost will be used. ### Return Value Returns the hashed password, or FALSE on failure. ### Examples ## Example 1 The output will be: $2y$10$.vGA1O9wmRjrwAVXD98HNOgsNpDczlqm3Jq7KnEd1rVAGv3Fykk1a ## Example 2 12, ]; echo password_hash("rasmuslerdorf", PASSWORD_BCRYPT, $options); ?> The output will be: $2y$12$QjSH496pcT5CEbzjD/vtVeH03tfHKFy36d4J0Ltp3lRtee9HDxY3K ## Example 3 Example of manually setting the salt: <?php /** * Note that the salt here is randomly generated. * Never use a fixed salt, or one that is not randomly generated. * * In most cases, you can let password_hash generate a random salt for you automatically. */ $options = [
← Python Tkinter EntryReact Event Handle β†’