
How to use bcrypt for hashing passwords in PHP?

Everyone knows that storing passwords in clear text in the database is insecure. Yet several sites do it because it makes password recovery or testing easy.

bcrypt is a password hashing technique used to build password security. It protects passwords against hacking attacks because the password is stored in bcrypt-hashed form rather than in clear text.

The password_hash() function in PHP is an inbuilt function which is used to create a new password hash. It uses a strong and robust hashing algorithm. The password_hash() function is compatible with the crypt() function. Therefore, password hashes created by crypt() may be used with password_hash() and vice-versa. The functions password_verify() and password_hash() are just wrappers around the function crypt(), and they make it much easier to use it correctly.

Syntax:
string password_hash( $password, $algo, $options )
The following algorithms are currently supported by password_hash() function:
  • PASSWORD_DEFAULT
  • PASSWORD_BCRYPT
  • PASSWORD_ARGON2I
  • PASSWORD_ARGON2ID
Parameters: This function accepts three parameters as mentioned above and described below:
  • password: It stores the password of the user.
  • algo: It is a password algorithm constant denoting the algorithm to use when the password is hashed.
  • options: It is an associative array which contains the options. If it is omitted, a random salt is generated and the default cost is used.
Return Value: It returns the hashed password on success or False on failure. Example:
Input : echo password_hash("GFG@123", PASSWORD_DEFAULT);
Output : $2y$10$.vGA19Jh8YrwSJFDodbfoHJIOFH)DfhuofGv3Fykk1a
The programs below illustrate the password_hash() function in PHP: Program 1:
<?php
  
echo password_hash("GFG@123", PASSWORD_DEFAULT);
?>

                    
Output:
$2y$10$Z166W1fBdsLcXPVQVfPw/uRq1ueWMA6sLt9bmdUFz9AmOGLdM393G
Program 2:
<?php
  
$options = [
    'cost' => 12,
];
  
echo password_hash("GFG@123", PASSWORD_BCRYPT, $options);
?>

                    
Output:
$2y$12$jgzGJmLsUHGNjmDK98MbWe82e3CIJZuflAj6lE1I.dlyhSVfz42oq
Program 3:
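<?php
// Time password_hash() at increasing bcrypt costs and stop at the first
// cost whose hash takes at least $timeTarget seconds on this server.
$timeTarget = 0.069; // 69 milliseconds

$cost = 8;
do {
    $cost++;
    $start = microtime(true);
    password_hash("test", PASSWORD_BCRYPT, ["cost" => $cost]);
    $end = microtime(true);
} while (($end - $start) < $timeTarget);

echo "The appropriate cost is: " . $cost;
?>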

                    
Output:
The appropriate cost is: 10
Program 4:
<?php
echo 'Argon2i hash: ' . password_hash('GFG@123', PASSWORD_ARGON2I);
?>

                    
Output:
Argon2i hash: $argon2i$v=19$m=1024,t=2,p=2$YUNvTkJBT2dEejQuUVQvRQ$+96jm/eISqZ7+P9n0DrsBf25piwfnLRy2Yy1VYmb9iI
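The programs above only create hashes. The following added example (not part of the original article) shows the verification side with password_verify(), and uses PHP's password_needs_rehash() to upgrade a stored hash when the cost is raised. The $users array, the register() and login() helpers, the constant names and the cost values are hypothetical stand-ins for an application's user store and policy; the code assumes PHP 7.4 or later.

```php
<?php
// Added example, not from the original article. $users stands in for a
// database table; register(), login() and the constants are hypothetical names.
const HASH_ALGO    = PASSWORD_BCRYPT;
const HASH_OPTIONS = ['cost' => 12];   // current policy (assumed value)

function register(array &$users, string $name, string $password,
                  array $options = HASH_OPTIONS): void
{
    // The random salt and the cost are embedded in the returned string,
    // so one column stores everything password_verify() needs.
    $users[$name] = password_hash($password, HASH_ALGO, $options);
}

function login(array &$users, string $name, string $password): bool
{
    // Unknown users are checked against a dummy hash so the response
    // time does not reveal whether the account exists.
    static $dummy = null;
    $dummy ??= password_hash('not-a-real-password', HASH_ALGO, HASH_OPTIONS);

    $known  = isset($users[$name]);
    $stored = $known ? $users[$name] : $dummy;

    if (!password_verify($password, $stored) || !$known) {
        return false;
    }
    // The plaintext is only available at login, so this is the moment to
    // re-hash an entry created under an older algorithm or lower cost.
    if (password_needs_rehash($stored, HASH_ALGO, HASH_OPTIONS)) {
        $users[$name] = password_hash($password, HASH_ALGO, HASH_OPTIONS);
    }
    return true;
}

// Constructed sample data: an account created under an older cost of 10.
$users = [];
register($users, 'alice', 'GFG@123', ['cost' => 10]);

var_dump(login($users, 'alice', 'wrong-password'));        // wrong password
var_dump(password_get_info($users['alice'])['options']);   // cost still stored in the hash
var_dump(login($users, 'alice', 'GFG@123'));               // correct password, triggers the rehash
var_dump(password_get_info($users['alice'])['options']);   // cost read back after the upgrade
```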
Reference: https://www.php.net/manual/en/function.password-hash.php

Last Updated : 04 Jul, 2019