<p>The function <code>password_hash()</code> is just a wrapper around the function <code>crypt()</code>, and shall make it easier to use it correctly. It takes care of the generation of a safe random salt, and provides good default values.</p>
<p>The easiest way to use this function will be:</p>
<pre><code>$hash = password_hash($password, PASSWORD_DEFAULT);
</code></pre>
<p>That means the function will hash the password with BCrypt (algorithm <code>2y</code>), generate a random salt, and use the default cost (at the moment this is 10). These are good default values; in particular, I would <strong>not</strong> generate the salt on your own, as it is easy to make mistakes there.</p>
<p>Should you want to change the cost parameter, you can do it like this:</p>
<pre><code>$hash = password_hash($password, PASSWORD_BCRYPT, ["cost" =&gt; 11]);
</code></pre>
<p>Increasing the cost parameter by 1 doubles the time needed to calculate the hash value. The cost parameter is the logarithm (base-2) of the iteration count, that means:</p>
<pre><code>// 2 to the power of $cost (in PHP, ^ is bitwise XOR, not exponentiation)
$iterations = pow(2, $cost);
</code></pre>
<p>Edit:</p>
<p>I missed the point that you want to generate your own class. For PHP version 5.3.7 and later, there exists a <a href="https://github.com/ircmaxell/password_compat/blob/master/lib/password.php" rel="nofollow noreferrer">compatibility pack</a>, from the same author that made the <code>password_hash()</code> function. You can either use this code directly, or look at the well-crafted implementation. For PHP versions before 5.3.7 there is no support for <code>crypt</code> with <code>2y</code>, the Unicode-aware BCrypt algorithm. You can instead use <code>2a</code>, which is the best alternative for earlier PHP versions. I did an <a href="http://www.martinstoeckli.ch/php/php.html#bcrypt" rel="nofollow noreferrer">example</a> with a lot of comments, maybe you want to have a look at it too.</p>
<p>P.S. The expressions "salt" and "cost factor" are used correctly in <code>password_hash()</code>; the <code>crypt()</code> function, though, uses the word salt for all crypt parameters together, which is a bit misleading.</p>
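<p>An added example, not part of the original answer: it splits a stored BCrypt hash into the fields that <code>crypt()</code> lumps together as its "salt", and raises the cost on the next successful login. The function names <code>describe_bcrypt_hash()</code> and <code>verify_and_upgrade()</code> are hypothetical, the password is a constructed sample, and it assumes PHP 5.6 or later (for <code>hash_equals()</code>).</p>

```php
<?php
// Added example; helper names are hypothetical, the password is a constructed sample.

// Split a BCrypt hash into the fields packed into the one 60-character string:
// "$2y$" + two-digit cost + "$" + 22-character salt + 31-character digest.
function describe_bcrypt_hash($hash)
{
    $pattern = '#^\$(2[axy])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$#';
    if (!preg_match($pattern, $hash, $m)) {
        throw new InvalidArgumentException('not a BCrypt hash');
    }
    return array('algorithm' => $m[1], 'cost' => (int) $m[2], 'salt' => $m[3], 'digest' => $m[4]);
}

// Verify a login attempt. If the stored hash was created with different
// parameters than the current policy, return a replacement hash to store.
function verify_and_upgrade($password, $storedHash, $targetCost)
{
    if (!password_verify($password, $storedHash)) {
        return array('ok' => false, 'newHash' => null);
    }
    $options = array('cost' => $targetCost);
    $newHash = password_needs_rehash($storedHash, PASSWORD_BCRYPT, $options)
        ? password_hash($password, PASSWORD_BCRYPT, $options)
        : null;
    return array('ok' => true, 'newHash' => $newHash);
}

$password = 'correct horse battery staple';   // constructed sample value
$stored   = password_hash($password, PASSWORD_BCRYPT, array('cost' => 10));

$parts = describe_bcrypt_hash($stored);
printf("algorithm=%s cost=%d iterations=%d salt=%s\n",
    $parts['algorithm'], $parts['cost'], pow(2, $parts['cost']), $parts['salt']);

// crypt() receives the whole stored hash as its "salt" argument and reads the
// algorithm, cost and real salt from it, so no separate salt column is needed.
var_dump(hash_equals($stored, crypt($password, $stored)));

// Successful login under a policy of cost 11: the cost-10 hash gets replaced.
$result = verify_and_upgrade($password, $stored, 11);
if ($result['ok'] && $result['newHash'] !== null) {
    $upgraded = describe_bcrypt_hash($result['newHash']);
    printf("rehashed: cost %d -> %d\n", $parts['cost'], $upgraded['cost']);
}

// A wrong password fails verification and never triggers a rehash.
var_dump(verify_and_upgrade('wrong password', $stored, 11)['ok']);
```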
 
