How to Hashing Password in PHP 5.5 with Password Hashing API
Php 05-Oct-2016

How to Hashing Password in PHP 5.5 with Password Hashing API

This tutorial show you how to hashing passwords in PHP 5.5 with hashing API. There is a large number of web developers using old and less secure algorithm like MD5 and SHA1 encryption etc but those passwords are plain strings. In this new hashing API it uses bcrypt (its a  key derivation function for passwords). In this article we are going to explore PHP’s new hashing API.
password_hash() – used to hash the password.
password_verify() – used to verify a password against its hash.
Password_hash()

<?php
$password = "phpgang";
$hash = password_hash($passwod, PASSWORD_DEFAULT);
?>

Hash generated from above code is:
$2y$10$vdd/HDckxSzFdOMLZ4Rhh.M3MQeOsPCwcsvAFW3MJWMKdxdv63.

In this function the first parameter is your password and second parameter used to specify the algorithm to hash password.

PASSWORD_DEFAULT – is the bcrypt algorithm (default as of PHP 5.5.0).

If you are using PASSWORD_DEFAULT in your projects, its recommended to create column size must be larger than 60 characters to save hash if you define column to 255 would be good.

Most important is that you don’t have to provide salt (appending or pre-appending is called salt) this API can automatically generate random salt but if you want to give your own salt then there is an options to add it as a third parameter in it.

<?php
$options = [
    'salt' => function_for_salt(), // write your own code to generate a salt
    'cost' => 11 // allows for you to change the CPU cost of the algorithm
];
echo password_hash($password, PASSWORD_DEFAULT, $options);
?>

We have generated hashed password with this new API now its time to verify these passwords with password_verify(). This function takes plain password and hashed password which we have saved in database.
Password_verify()
<?php
$passwod = "phpgang";
$hash = "$2y$10$vdd/HDckxSzFdOMLZ4Rhh.M3MQeOsPCwcsvAFW3MJWMKdxdv63.";
if (password_verify($password, $hash))
{
    // Password valid!!
}
else
{
    // Invalid password.
}
?>
This way you can verify your passwords and make your websites passwords strong with the latest API. If you are not using PHP 5.5 then there is a library available you can use that library [here] and create passwords in latest encryption.

Previous Post

Next Post

0 Comments
Leave a Reply

Facebook Page
Coding-Help-Tech
Save & Follower
Newsletter Signup

Sign up to receive latest updates with Codinghelptech!

Recent Posts
Popular Tag
Tips & Tricks Mysql Nosql Sql Server Javascript Jquery Node Js Angular JS Codeigniter Wordpress Magento Html Css3 Bootstrap Php Html5 Tech-News React JS Laravel Python