Open In App
Related Articles

How to use bcrypt for hashing passwords in PHP?

Like Article
Save Article
Report issue
Everyone knows and understands that storing the password in a clear text in the database is a quite rude thing and not secure. Yet, several do it because it makes an internet site quite easy for password recovery or testing. The bcrypt is a password hashing technique used to build password security. It is used to protect the password from hacking attacks because of the password is stored in bcrypted format. The password_hash() function in PHP is an inbuilt function which is used to create a new password hash. It uses a strong & robust hashing algorithm. The password_hash() function is very much compatible with the crypt() function. Therefore, password hashes created by crypt() may be used with password_hash() and vice-versa. The functions password_verify() and password_hash() just the wrappers around the function crypt(), and they make it much easier to use it accurately. Syntax:
string password_hash( $password, $algo, $options )
The following algorithms are currently supported by password_hash() function:
Parameters: This function accepts three parameters as mentioned above and described below:
  • password: It stores the password of the user.
  • algo: It is the password algorithm constant that is used continuously while denoting the algorithm which is to be used when the hashing of password takes place.
  • options: It is an associative array, which contains the options. If this is removed and doesn’t include, a random salt is going to be used, and the utilization of a default cost will happen.
Return Value: It returns the hashed password on success or False on failure. Example:
Input : echo password_hash("GFG@123", PASSWORD_DEFAULT);
Output : $2y$10$.vGA19Jh8YrwSJFDodbfoHJIOFH)DfhuofGv3Fykk1a
Below programs illustrate the passwor_hash() function in PHP: Program 1:
echo password_hash("GFG@123", PASSWORD_DEFAULT);

Program 2:
$options = [
    'cost' => 12,
echo password_hash("GFG@123", PASSWORD_BCRYPT, $options);

Program 3:
$timeTarget = 0.069; // 69 milliseconds 
$cost = 8;
do {
    $start = microtime(true);
    password_hash("test", PASSWORD_BCRYPT, ["cost" => $cost]);
    $end = microtime(true);
} while (($end - $start) < $timeTarget);
echo "The appropriate cost is: " . $cost;

The appropriate cost is: 10
Program 4:
echo 'Argon2i hash: ' . password_hash('GFG@123', PASSWORD_ARGON2I);

Argon2i hash: $argon2i$v=19$m=1024,t=2,p=2$YUNvTkJBT2dEejQuUVQvRQ$+96jm/eISqZ7+P9n0DrsBf25piwfnLRy2Yy1VYmb9iI

Last Updated : 04 Jul, 2019
Like Article
Save Article
Share your thoughts in the comments
Similar Reads