Skip to content
Related Articles

Related Articles

How to use bcrypt for hashing passwords in PHP?
  • Last Updated : 04 Jul, 2019
GeeksforGeeks - Summer Carnival Banner

Everyone knows and understands that storing the password in a clear text in the database is a quite rude thing and not secure. Yet, several do it because it makes an internet site quite easy for password recovery or testing.
The bcrypt is a password hashing technique used to build password security. It is used to protect the password from hacking attacks because of the password is stored in bcrypted format.

The password_hash() function in PHP is an inbuilt function which is used to create a new password hash. It uses a strong & robust hashing algorithm. The password_hash() function is very much compatible with the crypt() function. Therefore, password hashes created by crypt() may be used with password_hash() and vice-versa. The functions password_verify() and password_hash() just the wrappers around the function crypt(), and they make it much easier to use it accurately.


string password_hash( $password, $algo, $options )

The following algorithms are currently supported by password_hash() function:


Parameters: This function accepts three parameters as mentioned above and described below:

  • password: It stores the password of the user.
  • algo: It is the password algorithm constant that is used continuously while denoting the algorithm which is to be used when the hashing of password takes place.
  • options: It is an associative array, which contains the options. If this is removed and doesn’t include, a random salt is going to be used, and the utilization of a default cost will happen.

Return Value: It returns the hashed password on success or False on failure.


Input : echo password_hash("GFG@123", PASSWORD_DEFAULT);
Output : $2y$10$.vGA19Jh8YrwSJFDodbfoHJIOFH)DfhuofGv3Fykk1a

Below programs illustrate the passwor_hash() function in PHP:

Program 1:

echo password_hash("GFG@123", PASSWORD_DEFAULT);

Program 2:

$options = [
    'cost' => 12,
echo password_hash("GFG@123", PASSWORD_BCRYPT, $options);

Program 3:

$timeTarget = 0.069; // 69 milliseconds 
$cost = 8;
do {
    $start = microtime(true);
    password_hash("test", PASSWORD_BCRYPT, ["cost" => $cost]);
    $end = microtime(true);
} while (($end - $start) < $timeTarget);
echo "The appropriate cost is: " . $cost;
The appropriate cost is: 10

Program 4:

echo 'Argon2i hash: ' . password_hash('GFG@123', PASSWORD_ARGON2I);
Argon2i hash: $argon2i$v=19$m=1024,t=2,p=2$YUNvTkJBT2dEejQuUVQvRQ$+96jm/eISqZ7+P9n0DrsBf25piwfnLRy2Yy1VYmb9iI


Attention reader! Don’t stop learning now. Get hold of all the important DSA concepts with the DSA Self Paced Course at a student-friendly price and become industry ready.

My Personal Notes arrow_drop_up
Recommended Articles
Page :