PHP password_verify and password_hash password verification

password_hash() creates a hash of a password using a sufficiently strong one-way hash algorithm.

Currently supported algorithms:

  • PASSWORD_DEFAULT - Use the bcrypt algorithm (default as of PHP 5.5.0). Note that this constant will change as PHP adds newer, stronger algorithms, so the length of the result generated using this constant will change in the future. The database column that stores the result should therefore be able to hold more than 60 characters (preferably 255 characters).
  • PASSWORD_BCRYPT - Create a hash using the CRYPT_BLOWFISH algorithm. This produces a crypt()-compatible hash using the "$2y$" identifier. The result will be a 60-character string, or false on failure.
  • PASSWORD_ARGON2I - Create a hash using the Argon2i hashing algorithm. This algorithm is only available when PHP was compiled with Argon2 support.
  • PASSWORD_ARGON2ID - Create a hash using the Argon2id hashing algorithm. This algorithm is only available when PHP was compiled with Argon2 support.

Options supported by PASSWORD_BCRYPT:

  • salt (string) - A manually provided salt to use when hashing the password. Providing it overrides automatic salt generation.

    When this value is omitted, password_hash() automatically generates a random salt for each password hash. This is the intended mode of operation.

    Warning

    The salt option is deprecated. It is best to simply use the salt that is generated by default. As of PHP 8.0.0, explicitly specified salt values are ignored.

  • cost (int) - The algorithmic cost to use. The crypt() page has examples of cost values.

    When omitted, the default is 10. This cost is a good baseline, but you may be able to increase it depending on your hardware.

Options supported by PASSWORD_ARGON2I and PASSWORD_ARGON2ID:

  • memory_cost (int) - Maximum memory (in KB) used when computing the Argon2 hash. Default value: PASSWORD_ARGON2_DEFAULT_MEMORY_COST.

  • time_cost (int) - Maximum time when computing the Argon2 hash. Default value: PASSWORD_ARGON2_DEFAULT_TIME_COST.

  • threads (int) - Maximum number of threads when computing the Argon2 hash. Default value: PASSWORD_ARGON2_DEFAULT_THREADS.

Hashing:

echo password_hash("rasmuslerdorf", PASSWORD_BCRYPT);

verify:

<?php
// To see where the following string comes from, see the password_hash() example
$hash = '$2y$07$BCryptRequires22Chrcte/VlQH0piJtjXl.0t1XkA8pw9dMXTpOq';

if (password_verify('rasmuslerdorf', $hash)) {
    echo 'Password is valid!';
} else {
    echo 'Invalid password.';
}
?>
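
Because PASSWORD_DEFAULT and the recommended cost change over time, a login routine should also check whether a stored hash is out of date and replace it while the plaintext is available. The following is an added example, not code from the original post: the function name verify_and_upgrade, the $store callback and the target cost of 10 are assumptions made for illustration, and the in-memory row is constructed sample data using the cost-07 hash shown above.

```php
<?php
declare(strict_types=1);

// Target parameters for newly stored hashes (assumed policy for this example).
const TARGET_ALGO = PASSWORD_DEFAULT;
const TARGET_OPTIONS = ['cost' => 10];

/**
 * Verify a login attempt and, on success, upgrade an outdated hash.
 * $store is a hypothetical callback that persists the new hash,
 * for example an UPDATE on a 255-character column.
 */
function verify_and_upgrade(string $password, string $storedHash, callable $store): bool
{
    if (!password_verify($password, $storedHash)) {
        return false; // wrong password: never touch the stored hash
    }
    // The plaintext is only available at login, so this is the one
    // moment an old hash can be replaced with a stronger one.
    if (password_needs_rehash($storedHash, TARGET_ALGO, TARGET_OPTIONS)) {
        $store(password_hash($password, TARGET_ALGO, TARGET_OPTIONS));
    }
    return true;
}

// Constructed demo: an in-memory "database" row holding the sample hash (cost 07).
$row  = ['hash' => '$2y$07$BCryptRequires22Chrcte/VlQH0piJtjXl.0t1XkA8pw9dMXTpOq'];
$save = function (string $newHash) use (&$row): void {
    $row['hash'] = $newHash;
};

// Cost parameter parsed from the stored hash before login.
var_dump(password_get_info($row['hash'])['options']['cost']);

// A failed attempt leaves the stored hash unchanged.
var_dump(verify_and_upgrade('wrong-password', $row['hash'], $save));

// A successful attempt verifies against the old hash, then re-hashes it.
var_dump(verify_and_upgrade('rasmuslerdorf', $row['hash'], $save));

// Cost parameter after the upgrade, and proof the new hash still verifies.
var_dump(password_get_info($row['hash'])['options']['cost']);
var_dump(password_verify('rasmuslerdorf', $row['hash']));
```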

Origin blog.csdn.net/taoshihan/article/details/132375345