password_hash(): Creating password using one way hashing algorithm with optional salt and cost

password_hash() : One way Password hash

password_hash('$string',$alog,$options);

Parameter	DESCRIPTION
$string	Required : Input password string variable
$alog	Required : algorithms to be used.
$options	Optional : An associative array containing options.

Algorithms supported

PASSWORD_DEFAULT : bcrypt algorithm. Output length is more than 60 so better to use 255 chars
PASSWORD_BCRYPT : CRYPT_BLOWFISH to create the hash. Output 60 chars legth
PASSWORD_ARGON2I : Argon2i hashing algorithm
PASSWORD_ARGON2ID : Argon2id hashing algorithm

Options ( Optional )

Options given as array ( see example below )

Example 1 using PASSWORD_DEFAULT

$str="plus2net.com";
$str_hash=password_hash($str,PASSWORD_DEFAULT);
echo $str_hash;

Output is here

$2y$10$/r1bsR9lXZ52gYPmeH69Bu3.k0ABji7ZJdiZTPmUWEAgaQpkBkfKq

Example 2 using options ( Optional )

salt : has to be minimum 22 char length. If not given then default salt will be used. Salt option is removed in PHP 7.0 so better not to use salt and allow PHP to use default salt.

cost : default value 10 .This is the algorithm cost which depends on hardware.

$str="plus2net.com";
$options =array('cost' => 12,'salt'=>'my_salt_of_22_legth_ok');
$str_hash=password_hash($str,PASSWORD_DEFAULT,$options);
echo $str_hash;

Output is here

$2y$12$bXlfc2FsdF9vZl8yMl9sZOXWXRIfffjBg.Qk195t1LcqrI2JBjIUW

No Salt Better not to use Salt and allow PHP to use its default salt as this is deprecated in PHP 7.0.0

As seen from above we can use different algorithms with password_hash(), we can store the password in our database table with length 255 chars. Next we will learn how to match the stored password against user entered password by using password_verify()

This article is written by plus2net.com team.

plus2net.com

PHP String Functions

password_hash() : One way Password hash

Algorithms supported

Options ( Optional )

Example 1 using PASSWORD_DEFAULT

Example 2 using options ( Optional )

Subscribe