Is php password hash secure?
(PHP 5 >= 5.5.0, PHP 7, PHP 8) Show password_hash — Creates a password hash Descriptionpassword_hash(string The following algorithms are currently supported:
Supported options for
Supported options for
Parameterspassword The user's password. Caution Using the algo A password algorithm constant denoting the algorithm to use when hashing the password. options An associative array containing options. See the password algorithm constants for documentation on the supported options for each algorithm. If omitted, a random salt will be created and the default cost will be used. Return ValuesReturns the hashed password. The used algorithm, cost and salt are returned as part of the hash. Therefore, all information that's needed to verify the hash is included in it. This allows the password_verify() function to verify the hash without needing separate storage for the salt or algorithm information.
Changelog
ExamplesExample #1 password_hash() example
The above example will output something similar to: $2y$10$.vGA1O9wmRjrwAVXD98HNOgsNpDczlqm3Jq7KnEd1rVAGv3Fykk1a Example #2 password_hash() example setting cost manually
The above example will output something similar to: $2y$12$QjSH496pcT5CEbzjD/vtVeH03tfHKFy36d4J0Ltp3lRtee9HDxY3K Example #3 password_hash() example finding a good cost
"Appropriate Cost Found: " . $cost; The above example will output something similar to: Appropriate Cost Found: 10 Example #4 password_hash() example using Argon2i
The above example will output something similar to: Argon2i hash: $argon2i$v=19$m=1024,t=2,p=2$YzJBSzV4TUhkMzc3d3laeg$zqU/1IN0/AogfP4cmSJI1vc8lpXRW9/S0sYY2i2jHT0 NotesCaution It is strongly recommended that you do not generate your own salt for this function. It will create a secure salt automatically for you if you do not specify one. As noted above, providing the
See Also
phpnetcomment201908 at lucb1e dot com ¶ 3 years ago
nicoSWD ¶ 8 years ago
Lyo Mi ¶ 6 years ago
Cloxy ¶ 8 years ago
= mcrypt_create_iv(22, MCRYPT_DEV_URANDOM); martinstoeckli ¶ 9 years ago
Mike Robinson ¶ 8 years ago
ms1 at rdrecs dot com ¶ 2 years ago
php dot net at marksim dot org ¶ 2 years ago
Anonymous ¶ 3 years ago
Anonymous ¶ 2 years ago
hman ¶ 3 years ago
Is password hash secure?Whereas the transmission of the password should be encrypted, the password hash doesn't need to be encrypted at rest. When properly implemented, password hashing is cryptographically secure. This implementation would involve the use of a salt to overcome the limitations of hash functions.
Is PHP crypt secure?In short: yes, that value is absolutely safe to store in a database.
What is PHP password hash?The password_hash() function creates a new password hash of the string using one of the available hashing algorithm. It returns the hash that is currently 60 character long, however, as new and stronger algorithms will be added to PHP, the length of the hash may increase.
Can hashed passwords be hacked?If a system uses a properly designed algorithm to create a hashed password, chances of hacking are extremely low. However, when a hacker steals hashed passwords in a database, they can reverse engineer the hashes to get the real passwords by using a database of words they think might be the password.
|