1.  Home
  2. PHP
  3. PHP Password Hashing

PHP Password Hashing

ADVERTISEMENTS

This extension provides some constants & functions to secure the passwords in secure manner.

 

Requirements

No external libraries are needed to build this extension.

 

Installation

There is no installation needed to use these functions;

they are part of the PHP core.

To enable Argon2 password hashing, however, PHP must be build with libargon2 support using the --with-password-argon2[=DIR] configure option.

 

Run-time Configuration

This extension has no configuration directives defined in php.ini.

 

Resource Types

This extension has no resource types defined.

 

Predefined Constants

Constants of this extension below are always available as part of the PHP core.

  • PASSWORD_BCRYPT (integer)
  • PASSWORD_BCRYPT is used to create new password hashes using the CRYPT_BLOWFISH algorithm.
    • This will always result in a hash using the "$2y$" crypt format, which is always 60 characters wide.
    • Supported Options:
      • salt (string) - to manually provide a salt to use when hashing the password.
      • Note that this will override and prevent a salt from being automatically generated.
      • If omitted, a random salt will be generated by password_hash() for each password hashed.
      • This is the intended mode of operation and as of PHP 7.0.0 the salt option has been deprecated.
      • cost (integer) - which denotes the algorithmic cost that should be used.
      • Examples of these values can be found on the crypt() page.
      • If omitted, a default value of 10 will be used.
      • This is a good baseline cost, but you may want to consider increasing it depending on your hardware.
  • PASSWORD_ARGON2I (integer)
  • PASSWORD_ARGON2I is used to create new password hashes using the Argon2 algorithm.
    • Supported Options:
      • memory_cost (integer) - Maximum memory (in bytes) that may be used to compute the Argon2 hash.
      • Defaults to PASSWORD_ARGON2_DEFAULT_MEMORY_COST.
      • time_cost (integer) - Maximum amount of time it may take to compute the Argon2 hash. Defaults to PASSWORD_ARGON2_DEFAULT_TIME_COST.
      • threads (integer) - Number of threads to use for computing the Argon2 hash. Defaults to PASSWORD_ARGON2_DEFAULT_THREADS.
      • Available as of PHP 7.2.0.
  • PASSWORD_ARGON2_DEFAULT_MEMORY_COST (integer)
    • Default amount of memory in bytes that Argon2lib will use while trying to compute a hash.
    • Available as of PHP 7.2.0.
  • PASSWORD_ARGON2_DEFAULT_TIME_COST (integer)
    • Default amount of time that Argon2lib will spend trying to compute a hash.
    • Available as of PHP 7.2.0.
  • PASSWORD_ARGON2_DEFAULT_THREADS (integer)
    • Default number of threads that Argon2lib will use.
    • Available as of PHP 7.2.0.
  • PASSWORD_DEFAULT (integer)
    • The default algorithm to use for hashing if no algorithm is provided.
    • This may change in newer PHP releases when newer, stronger hashing algorithms are supported.
    • It is worth noting that over time this constant can (and likely will) change.
    • Therefore you should be aware that the length of the resulting hash can change.
    • Therefore, if you use PASSWORD_DEFAULT you should store the resulting hash in a way that can store more than 60 characters (255 is the recomended width).
    • Values for this constant:
    • PHP 5.5.0 – PASSWORD_BCRYPT

 

Password Hashing Functions

  • password_get_info — Returns information about the given hash

  • password_hash — Creates a password hash

  • password_needs_rehash — Checks if the given hash matches the given options

  • password_verify — Verifies that a password matches a hash

ADVERTISEMENTS

Read More Topics on PHP

1. PHP Introduction
2. PHP Variables
3. PHP Constants
4. PHP Server
5. PHP Syntax
6. PHP Predefined Constants
7. PHP Operators
8. PHP Ternary Operator
9. PHP If, Else & Else-If Statement
10. PHP Switch Case Statement
11. PHP Loops
12. PHP For & Foreach Loop
13. PHP Break & Continue Statement
14. PHP Goto Statement
15. PHP Include & Include_once
16. PHP Include Vs Require
17. PHP Functions
18. PHP Array
19. PHP Multidimensional Array
20. PHP Predefined Variables
21. PHP Namespace
22. PHP Http
23. PHP Cookies
24. PHP Sessions
25. PHP File Uploads
26. PHP File System
27. PHP OOPs
28. PHP Classes
29. PHP Autoloading Classes
30. PHP Constructors And Destructors
31. PHP Visibility
32. PHP Inheritance
33. PHP Objects Interfaces
34. PHP Traits
35. PHP Object Iteration
36. PHP Objects & References
37. PHP Predefined Interfaces And Classes
38. PHP Errors
39. PHP Exceptions
40. PHP Predefined Exception Classes And Interfaces
41. PHP References
42. PHP Directories
43. PHP Mail
44. PHP Math
45. PHP Date & Time
46. PHP Date & Time Predefined Interfaces & Classes
47. PHP Supported Date & Time Formats
48. PHP Timezones
49. PHP Calendar
50. PHP JSON
51. PHP URLs
52. PHP Misc
53. PHP CURL
54. PHP Zip
55. PHP RAR
56. PHP FTP
57. PHP Strings
58. PHP Ctype
59. PHP Regular Expressions (Perl-Compatible)
60. PHP Filter
61. PHP Variable Handling
62. PHP Password Hashing
63. PHP Output Buffering Control
64. PHP Network
65. PHP Streams
66. PHP Supported Protocols And Wrappers
67. PHP Simple XML
68. PHP LibXML
69. PHP XML Parser
Recent Articles
ADVERTISEMENTS
ADVERTISEMENTS