Open In App

How to use bcrypt for hashing passwords in PHP?

Improve
Improve
Like Article
Like
Save
Share
Report

Everyone knows and understands that storing the password in a clear text in the database is a quite rude thing and not secure. Yet, several do it because it makes an internet site quite easy for password recovery or testing.
The bcrypt is a password hashing technique used to build password security. It is used to protect the password from hacking attacks because of the password is stored in bcrypted format.

The password_hash() function in PHP is an inbuilt function which is used to create a new password hash. It uses a strong & robust hashing algorithm. The password_hash() function is very much compatible with the crypt() function. Therefore, password hashes created by crypt() may be used with password_hash() and vice-versa. The functions password_verify() and password_hash() just the wrappers around the function crypt(), and they make it much easier to use it accurately.

Syntax:

string password_hash( $password, $algo, $options )

The following algorithms are currently supported by password_hash() function:

  • PASSWORD_DEFAULT
  • PASSWORD_BCRYPT
  • PASSWORD_ARGON2I
  • PASSWORD_ARGON2ID

Parameters: This function accepts three parameters as mentioned above and described below:

  • password: It stores the password of the user.
  • algo: It is the password algorithm constant that is used continuously while denoting the algorithm which is to be used when the hashing of password takes place.
  • options: It is an associative array, which contains the options. If this is removed and doesn’t include, a random salt is going to be used, and the utilization of a default cost will happen.

Return Value: It returns the hashed password on success or False on failure.

Example:

Input : echo password_hash("GFG@123", PASSWORD_DEFAULT);
Output : $2y$10$.vGA19Jh8YrwSJFDodbfoHJIOFH)DfhuofGv3Fykk1a

Below programs illustrate the passwor_hash() function in PHP:

Program 1:




<?php
  
echo password_hash("GFG@123", PASSWORD_DEFAULT);
?>


Output:

$2y$10$Z166W1fBdsLcXPVQVfPw/uRq1ueWMA6sLt9bmdUFz9AmOGLdM393G

Program 2:




<?php
  
$options = [
    'cost' => 12,
];
  
echo password_hash("GFG@123", PASSWORD_BCRYPT, $options);
?>


Output:

$2y$12$jgzGJmLsUHGNjmDK98MbWe82e3CIJZuflAj6lE1I.dlyhSVfz42oq

Program 3:




<?php
  
$timeTarget = 0.069; // 69 milliseconds 
  
$cost = 8;
do {
    $cost++;
    $start = microtime(true);
    password_hash("test", PASSWORD_BCRYPT, ["cost" => $cost]);
    $end = microtime(true);
} while (($end - $start) < $timeTarget);
  
echo "The appropriate cost is: " . $cost;
?>


Output:

The appropriate cost is: 10

Program 4:




<?php
echo 'Argon2i hash: ' . password_hash('GFG@123', PASSWORD_ARGON2I);
?>


Output:

Argon2i hash: $argon2i$v=19$m=1024,t=2,p=2$YUNvTkJBT2dEejQuUVQvRQ$+96jm/eISqZ7+P9n0DrsBf25piwfnLRy2Yy1VYmb9iI

Reference: https://www.php.net/manual/en/function.password-hash.php



Last Updated : 04 Jul, 2019
Like Article
Save Article
Previous
Next
Share your thoughts in the comments
Similar Reads