Salting and hashing is a technique for storing passwords in a database. In cryptography, salting means adding some extra content to the password and then hashing the result. So salt and hash provide two levels of security. Salting always makes passwords unique, i.e. if two passwords are the same, the resulting strings after salting will differ. Salting used along with hashing increases the level of security of the passwords.
Salting and hashing: In PHP, storing the password by salting and hashing is done by the password_hash() method. This method takes three parameters and returns a final hash of that password.
string password_hash( string $pass, int $algo, array $options )
- $pass: This parameter holds the password that is to be secured and stored in the database.
- $algo: It specifies the hashing algorithm that is used to create the hash of $pass. Some of the algorithm parameters in PHP are:
  - PASSWORD_DEFAULT: Uses the bcrypt algorithm (default as of PHP 5.5.0). This constant is designed to change over time as new and stronger algorithms are added to PHP.
  - PASSWORD_BCRYPT: Uses the CRYPT_BLOWFISH algorithm to create the hash. The result is a 60-character string, or FALSE on failure.
- $options: It is the salting part. It takes the salt in the form of a cost factor. It is optional; if left empty, the default cost is used (10 in most cases). Note that a higher cost gives a better-protected password and thus puts a heavier load on the CPU.
Return Value: It returns the hashed password, or FALSE on failure.
Example: This example demonstrates password_hash(): creating a hash and comparing it.
1 1 0
In this example, the password_verify() method is used to compare the hash created with the string entered as a parameter. It takes the string to be compared and the hash as parameters and returns true if the password is correct; otherwise it returns false.
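The following is an added example, not the article's original listing: it stores only the password_hash() output, checks logins with password_verify(), and uses password_needs_rehash() to upgrade a hash created with a lower cost. The user names, sample password, cost policy and the register()/login() helpers are constructed for illustration, and PHP 7.1 or later is assumed.

```php
<?php
// Hypothetical policy for this example: bcrypt with a cost of 12.
const HASH_ALGO = PASSWORD_BCRYPT;
const HASH_OPTIONS = ['cost' => 12];

// Stand-in for a users table (constructed data). Only the hash is stored.
$users = [];

function register(array &$users, string $name, string $password, array $options = HASH_OPTIONS): void
{
    // password_hash() generates a fresh random salt on every call and
    // embeds the algorithm, cost and salt in the returned string.
    $users[$name] = password_hash($password, HASH_ALGO, $options);
}

function login(array &$users, string $name, string $password): bool
{
    // password_verify() reads the salt and cost back out of the stored hash.
    if (!isset($users[$name]) || !password_verify($password, $users[$name])) {
        return false;
    }
    // The plaintext is only available at login, so this is the moment to
    // upgrade a hash that was created under an older, cheaper policy.
    if (password_needs_rehash($users[$name], HASH_ALGO, HASH_OPTIONS)) {
        $users[$name] = password_hash($password, HASH_ALGO, HASH_OPTIONS);
    }
    return true;
}

// Two accounts with the same password; bob's hash uses the older cost of 10.
register($users, 'alice', 'S3cret!pass');
register($users, 'bob', 'S3cret!pass', ['cost' => 10]);

// Identical passwords still produce different stored strings (different salts).
var_dump($users['alice'] === $users['bob']);

// A wrong password is rejected; a correct one is accepted.
var_dump(login($users, 'alice', 'wrong-password'));
var_dump(login($users, 'bob', 'S3cret!pass'));

// After the successful login, bob's stored hash reports the current cost.
var_dump(password_get_info($users['bob'])['options']);
```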