How to use bcrypt for hashing passwords in PHP?
Last Updated :
04 Jul, 2019
Everyone knows and understands that storing the password in a clear text in the database is a quite rude thing and not secure. Yet, several do it because it makes an internet site quite easy for password recovery or testing.
The bcrypt is a password hashing technique used to build password security. It is used to protect the password from hacking attacks because of the password is stored in bcrypted format.
The password_hash() function in PHP is an inbuilt function which is used to create a new password hash. It uses a strong & robust hashing algorithm. The password_hash() function is very much compatible with the crypt() function. Therefore, password hashes created by crypt() may be used with password_hash() and vice-versa. The functions password_verify() and password_hash() just the wrappers around the function crypt(), and they make it much easier to use it accurately.
Syntax:
string password_hash( $password, $algo, $options )
The following algorithms are currently supported by password_hash() function:
- PASSWORD_DEFAULT
- PASSWORD_BCRYPT
- PASSWORD_ARGON2I
- PASSWORD_ARGON2ID
Parameters: This function accepts three parameters as mentioned above and described below:
- password: It stores the password of the user.
- algo: It is the password algorithm constant that is used continuously while denoting the algorithm which is to be used when the hashing of password takes place.
- options: It is an associative array, which contains the options. If this is removed and doesn't include, a random salt is going to be used, and the utilization of a default cost will happen.
Return Value: It returns the hashed password on success or False on failure.
Example:
Input : echo password_hash("GFG@123", PASSWORD_DEFAULT);
Output : $2y$10$.vGA19Jh8YrwSJFDodbfoHJIOFH)DfhuofGv3Fykk1a
Below programs illustrate the passwor_hash() function in PHP:
Program 1:
php
<?php
echo password_hash("GFG@123", PASSWORD_DEFAULT);
?>
Output:
$2y$10$Z166W1fBdsLcXPVQVfPw/uRq1ueWMA6sLt9bmdUFz9AmOGLdM393G
Program 2:
php
<?php
$options = [
'cost' => 12,
];
echo password_hash("GFG@123", PASSWORD_BCRYPT, $options);
?>
Output:
$2y$12$jgzGJmLsUHGNjmDK98MbWe82e3CIJZuflAj6lE1I.dlyhSVfz42oq
Program 3:
php
<?php
$timeTarget = 0.069; // 69 milliseconds
$cost = 8;
do {
$cost++;
$start = microtime(true);
password_hash("test", PASSWORD_BCRYPT, ["cost" => $cost]);
$end = microtime(true);
} while (($end - $start) < $timeTarget);
echo "The appropriate cost is: " . $cost;
?>
Output:
The appropriate cost is: 10
Program 4:
php
<?php
echo 'Argon2i hash: ' . password_hash('GFG@123', PASSWORD_ARGON2I);
?>
Output:
Argon2i hash: $argon2i$v=19$m=1024,t=2,p=2$YUNvTkJBT2dEejQuUVQvRQ$+96jm/eISqZ7+P9n0DrsBf25piwfnLRy2Yy1VYmb9iI
Reference: https://www.php.net/manual/en/function.password-hash.php
Similar Reads
How to Secure hash and salt for PHP passwords ? Salting and hashing is a technique to store the password in a database. In cryptography, salting means to add some content along with the password and then hashing it. So salt and hash provide two levels of security. Salting always makes unique passwords i.e if there are two same passwords, after sa
2 min read
Password Hashing and Verification in PHP When Handling passwords securely in PHP the recommended approach is to use hashing. Instead of encrypting passwords, it is better to hash them because hashing is a one-way process, which means it can not be reversed. This makes it more secure. Encryption on the other hand can be useful when you need
3 min read
Password Hashing and Verification in PHP When Handling passwords securely in PHP the recommended approach is to use hashing. Instead of encrypting passwords, it is better to hash them because hashing is a one-way process, which means it can not be reversed. This makes it more secure. Encryption on the other hand can be useful when you need
3 min read
How to Create MD5 Hashes in PHP ? MD5 is a widely used hash function that produces a fixed-size 128-bit hash value from arbitrary input data. In PHP, creating MD5 hashes is a common task, often used for password hashing, data integrity verification, or generating unique identifiers. In this article, we'll explore different approache
1 min read
How to Validate Password using Regular Expressions in PHP ? Password validation is a crucial part of web application security. Regular expressions provide a powerful tool to define complex patterns. This article will guide you through various approaches to validate passwords using regular expressions in PHP. Approach 1: Basic Password ValidationIn this case,
1 min read
How hash Function works in PHP ? Hashing Functions play a crucial role in securing sensitive data by converting it into a fixed-size string of characters, often a hash value or checksum. PHP provides several built-in hashing functions for various purposes, such as password hashing, data integrity verification, and more. The Hashing
2 min read