The best way to encrypt and decrypt passwords is to use a standard library in PHP because the method of properly encrypting and decrypting passwords from scratch is complex and involves multiple possibilities of security vulnerabilities. Using the standard library ensures that the hashing implementation is verified and trusted.
Note: This uses the PHP Password API available in version 5.5.0 and above.
Encryption of the password: To generate a hash from the string, we use the password_hash() function.
string password_hash(string $password, mixed $algo, [array $options])
The password_hash() function creates a new password hash of the string using one of the available hashing algorithm. It returns the hash that is currently 60 character long, however, as new and stronger algorithms will be added to PHP, the length of the hash may increase. It is therefore recommended to allocate 255 characters for the column that may be used to store the hash in database.
The following algorithms are currently supported when using this function:
Additional options can be passed to this function can be used to set the cost of encryption, the salt to be used during hashing, etc in the $options array.
The below example shows the method of using the password_hash() method:
Generated hash: $2y$10$7rLSvRVyTQORapkDOqmkhetjF6H9lJHngr4hJMSM2lHObJbW5EQh6
Decryption of the password: To decrypt a password hash and retrieve the original string, we use the password_verify() function.
bool password_verify(string $password, string $hash)
The password_verify() function verifies that the given hash matches the given password, generated by the password_hash() function. It returns true if the password and hash match, or false otherwise.
- How to Encrypt and Decrypt a PHP String ?
- How to Secure hash and salt for PHP passwords ?
- How to secure database passwords in PHP?
- How to use bcrypt for hashing passwords in PHP?
- Saving What Saves Our Passwords – Two-Factor Authentication
- PHP | Get PHP configuration information using phpinfo()
- How to select and upload multiple files with HTML and PHP, using HTTP POST?
- PHP 5 vs PHP 7
- PHP | php.ini File Configuration
- How to import config.php file in a PHP script ?
- PHP | Separate odd and even elements from array without using loop
- Create a web server and run PHP script on it using Raspberry Pi
- How to extract img src and alt from html using PHP?
- How to Upload Image into Database and Display it using PHP ?
- How to fetch data from localserver database and display on HTML table using PHP ?
- How to get names of all the subfolders and files present in a directory using PHP?
- How to Display Recent Posts in DOM using PHP and MySQL ?
- Signup form using PHP and MySQL Database
- How to get emails using PHP and IMAP ?
- How to get YouTube video data by using YouTube data API and PHP ?
If you like GeeksforGeeks and would like to contribute, you can also write an article using contribute.geeksforgeeks.org or mail your article to firstname.lastname@example.org. See your article appearing on the GeeksforGeeks main page and help other Geeks.
Please Improve this article if you find anything incorrect by clicking on the "Improve Article" button below.