Question about the password hashing function?
In the manual php.net/manual/ru/function.password-hash.php example: password_hash("rasmuslerdorf", PASSWORD_DEFAULT);
And note:
PASSWORD_DEFAULT - the bcrypt algorithm is used (default since PHP 5.5.0). Note that the algorithm used may change over time to a stronger one when one is added to PHP. Accordingly, the length of the result may change over time. Because of this, it is recommended to choose a field length greater than 60 characters to store in the database (255 characters could be a good option).
Does this mean that one day, when moving to a newer version of PHP, old users will not be able to get into the database without recreating the password, because the algorithm has changed? Will it hash the password with the new method, but compare it with the hash in the database obtained by the old method?
No
php.net/manual/en/function.password-hash.php
The algorithm used, cost and salt will be returned as part of the hash. Thus, the information needed to verify the hash will be included in it. This will allow the password_verify() function to verify the hash without having to store the salt and algorithm information separately.
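An added example (not part of the original answers or the PHP manual) of the behaviour described above: password_verify() reads the algorithm and cost from the stored hash, so a hash made under older settings still verifies, and password_needs_rehash() lets the login path upgrade it. The function name login_and_upgrade, the $db array standing in for the users table, and the low bcrypt cost used to simulate an "old" hash are assumptions.

```php
<?php
// Added example. $db stands in for a users table row (constructed data).

/**
 * Verify a login and transparently upgrade the stored hash when the
 * current PASSWORD_DEFAULT settings differ from those embedded in it.
 */
function login_and_upgrade(string $password, string $storedHash, callable $saveHash): bool
{
    // Algorithm, cost and salt are parsed from $storedHash itself,
    // so this works no matter which settings created the hash.
    if (!password_verify($password, $storedHash)) {
        return false;
    }

    // True when the hash was made with a different algorithm or cost
    // than PASSWORD_DEFAULT would use today. The plaintext is only
    // available at login, so this is the moment to re-hash.
    if (password_needs_rehash($storedHash, PASSWORD_DEFAULT)) {
        $saveHash(password_hash($password, PASSWORD_DEFAULT));
    }
    return true;
}

// Simulate a hash created under older, weaker settings (bcrypt, cost 4).
$db = ['hash' => password_hash('rasmuslerdorf', PASSWORD_BCRYPT, ['cost' => 4])];
$oldHash = $db['hash'];

// The embedded parameters that password_verify() relies on.
print_r(password_get_info($oldHash));

$save = function (string $newHash) use (&$db): void {
    $db['hash'] = $newHash; // a real application would run an UPDATE here
};

// Correct password: the old hash verifies, then gets replaced.
var_dump(login_and_upgrade('rasmuslerdorf', $oldHash, $save));
var_dump($db['hash'] !== $oldHash);

// Wrong password: rejected, stored hash left untouched.
var_dump(login_and_upgrade('wrong-password', $db['hash'], $save));

// The upgraded hash matches current defaults and needs no further work.
var_dump(password_needs_rehash($db['hash'], PASSWORD_DEFAULT));
print_r(password_get_info($db['hash']));
```

The password column must be wide enough for whatever the upgraded hash turns out to be, which is why the manual note quoted in the question suggests 255 characters.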
Yes. Therefore, you can specify PASSWORD_BCRYPT right away, or specify it sometime later, when you migrate (if necessary).