How to use bcrypt for hashing passwords in PHP?

Last Updated : 04 Jul, 2019

Everyone knows and understands that storing the password in a clear text in the database is a quite rude thing and not secure. Yet, several do it because it makes an internet site quite easy for password recovery or testing.
The bcrypt is a password hashing technique used to build password security. It is used to protect the password from hacking attacks because of the password is stored in bcrypted format.

The password_hash() function in PHP is an inbuilt function which is used to create a new password hash. It uses a strong & robust hashing algorithm. The password_hash() function is very much compatible with the crypt() function. Therefore, password hashes created by crypt() may be used with password_hash() and vice-versa. The functions password_verify() and password_hash() just the wrappers around the function crypt(), and they make it much easier to use it accurately.

Syntax:

string password_hash( $password, $algo, $options )

The following algorithms are currently supported by password_hash() function:

PASSWORD_DEFAULT
PASSWORD_BCRYPT
PASSWORD_ARGON2I
PASSWORD_ARGON2ID

Parameters: This function accepts three parameters as mentioned above and described below:

password: It stores the password of the user.
algo: It is the password algorithm constant that is used continuously while denoting the algorithm which is to be used when the hashing of password takes place.
options: It is an associative array, which contains the options. If this is removed and doesn’t include, a random salt is going to be used, and the utilization of a default cost will happen.

Return Value: It returns the hashed password on success or False on failure.

Example:

Input : echo password_hash("GFG@123", PASSWORD_DEFAULT);
Output : $2y$10$.vGA19Jh8YrwSJFDodbfoHJIOFH)DfhuofGv3Fykk1a

Below programs illustrate the passwor_hash() function in PHP:

Program 1:

<?php 
  
echo password_hash("GFG@123", PASSWORD_DEFAULT); 
?> 

Output:

$2y$10$Z166W1fBdsLcXPVQVfPw/uRq1ueWMA6sLt9bmdUFz9AmOGLdM393G

Program 2:

<?php 
  
$options = [ 
    'cost' => 12, 
]; 
  
echo password_hash("GFG@123", PASSWORD_BCRYPT, $options); 
?> 

Output:

$2y$12$jgzGJmLsUHGNjmDK98MbWe82e3CIJZuflAj6lE1I.dlyhSVfz42oq

Program 3:

<?php 
  
$timeTarget = 0.069; // 69 milliseconds  
  
$cost = 8; 
do { 
    $cost++; 
    $start = microtime(true); 
    password_hash("test", PASSWORD_BCRYPT, ["cost" => $cost]); 
    $end = microtime(true); 
} while (($end - $start) < $timeTarget); 
  
echo "The appropriate cost is: " . $cost; 
?> 

Output:

The appropriate cost is: 10

Program 4:

<?php 
echo 'Argon2i hash: ' . password_hash('GFG@123', PASSWORD_ARGON2I); 
?> 

Output:

Argon2i hash: $argon2i$v=19$m=1024,t=2,p=2$YUNvTkJBT2dEejQuUVQvRQ$+96jm/eISqZ7+P9n0DrsBf25piwfnLRy2Yy1VYmb9iI

Reference: https://www.php.net/manual/en/function.password-hash.php

How to Create MD5 Hashes in PHP ?

SohomPramanick

Improve

Article Tags :

How to use bcrypt for hashing passwords in PHP?

Similar Reads

Thank You!

What kind of Experience do you want to share?