PHP

hash a password php

// To hash the password, use
password_hash("MySuperSafePassword!", PASSWORD_DEFAULT)
  
// To compare hash with plain text, use
password_verify("MySuperSafePassword!", $hashed_password)

php hash password

/* User's password. */
$password = 'my secret password';

/* Secure password hash. */
$hash = password_hash($password, PASSWORD_DEFAULT);

php hash password

//hash password
$pass = password_hash($password, PASSWORD_DEFAULT);

//verify password
password_verify($password, $hashed_password); // returns true

password hash php

//hash password
$hashed_password = password_hash($password, PASSWORD_DEFAULT);

//verify password
password_verify($password, $hashed_password); // returns true

password_hash

<?php
/**
 * For the VAST majority of use-cases, let password_hash generate the salt randomly for you.
 */
$password = 'idkWhatToUse';

$hashedPassword= password_hash($password, PASSWORD_DEFAULT);
?>

php hash

$password = 'test123';

/*
	Always use salt for security reasons.
    I'm using the BCRYPT algorithm use any valid one you like.
*/
$options['salt'] = 'usesomesillystringforsalt';
$options['cost'] = 3;
echo password_hash($password, PASSWORD_BCRYPT, $options)

php hash password

<?php
/**
 * We just want to hash our password using the current DEFAULT algorithm.
 * This is presently BCRYPT, and will produce a 60 character result.
 *
 * Beware that DEFAULT may change over time, so you would want to prepare
 * By allowing your storage to expand past 60 characters (255 would be good)
 */
echo password_hash("rasmuslerdorf", PASSWORD_DEFAULT);
?>

php hash

<?php
echo hash('ripemd160', 'The quick brown fox jumped over the lazy dog.');
?>

php hash password

<?php
/**
 * In this case, we want to increase the default cost for BCRYPT to 12.
 * Note that we also switched to BCRYPT, which will always be 60 characters.
 */
$options = [
    'cost' => 12,
];
echo password_hash("rasmuslerdorf", PASSWORD_BCRYPT, $options);
?>

php hash password

/* New password. */
$password = $_POST['password'];

/* Remember to validate the password. */

/* Create the new password hash. */
$hash = password_hash($password, PASSWORD_DEFAULT);

php hash password

CREATE TABLE `accounts` (
  `account_id` int(10) UNSIGNED NOT NULL,
  `account_name` varchar(255) NOT NULL,
  `account_passwd` varchar(255) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

ALTER TABLE `accounts`
  ADD PRIMARY KEY (`account_id`);

ALTER TABLE `accounts`
  MODIFY `account_id` int(10) UNSIGNED NOT NULL AUTO_INCREMENT;

hash php

$password = md5($_POST['password']);

password_hash

<?php
/**
 * In this case, we want to increase the default cost for BCRYPT to 12.
 * Note that we also switched to BCRYPT, which will always be 60 characters.
 */
$options = [
    'cost' => 12,
];
echo password_hash("rasmuslerdorf", PASSWORD_BCRYPT, $options);
?>

php hash password

// config.conf
pepper=c1isvFdxMDdmjOlvxpecFw

<?php
// register.php
$pepper = getConfigVariable("pepper");
$pwd = $_POST['password'];
$pwd_peppered = hash_hmac("sha256", $pwd, $pepper);
$pwd_hashed = password_hash($pwd_peppered, PASSWORD_ARGON2ID);
add_user_to_database($username, $pwd_hashed);
?>

<?php
// login.php
$pepper = getConfigVariable("pepper");
$pwd = $_POST['password'];
$pwd_peppered = hash_hmac("sha256", $pwd, $pepper);
$pwd_hashed = get_pwd_from_db($username);
if (password_verify($pwd_peppered, $pwd_hashed)) {
    echo "Password matches.";
}
else {
    echo "Password incorrect.";
}
?>

php hash

<?php
echo hash('ripemd160', 'The quick brown fox jumped over the lazy dog.');
?>

php hash password

$hashed_password = password_hash($password, PASSWORD_DEFAULT);

php password_hash

<?php
/**
 * We just want to hash our password using the current DEFAULT algorithm.
 * This is presently BCRYPT, and will produce a 60 character result.
 *
 * Beware that DEFAULT may change over time, so you would want to prepare
 * By allowing your storage to expand past 60 characters (255 would be good)
 * Other algorithms such as PASSWORD_BCRYPT and PASSWORD_ARGON2ID may be used
 * instead of PASSWORD_DEFAULT
 */
echo password_hash("rasmuslerdorf", PASSWORD_DEFAULT);
?>

hash php

I was interested how "long" each hash is, so I did:



<?php

$data = "password";



foreach (hash_algos() as $v) {

        $r = hash($v, $data, false);

        printf("%-12s %3d %s
", $v, strlen($r), $r);

}

?>



which produce (long hashes are cropped)



md2           32 a9046c73e00331af68917d3804f70655                   

md4           32 866437cb7a794bce2b727acc0362ee27

md5           32 5d41402abc4b2a76b9719d911017c592

sha1          40 aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d

sha256        64 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e730

sha384        96 59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553

sha512       128 9b71d224bd62f3785d96d46ad3ea3d73319bfbc2890caadae2d

ripemd128     32 789d569f08ed7055e94b4289a4195012

ripemd160     40 108f07b8382412612c048d07d13f814118445acd

ripemd256     64 cc1d2594aece0a064b7aed75a57283d9490fd5705ed3d66bf9a

ripemd320     80 eb0cf45114c56a8421fbcb33430fa22e0cd607560a88bbe14ce

whirlpool    128 0a25f55d7308eca6b9567a7ed3bd1b46327f0f1ffdc804dd8bb

tiger128,3    32 a78862336f7ffd2c8a3874f89b1b74f2

tiger160,3    40 a78862336f7ffd2c8a3874f89b1b74f2f27bdbca

tiger192,3    48 a78862336f7ffd2c8a3874f89b1b74f2f27bdbca39660254

tiger128,4    32 1c2a939f230ee5e828f5d0eae5947135

tiger160,4    40 1c2a939f230ee5e828f5d0eae5947135741cd0ae

tiger192,4    48 1c2a939f230ee5e828f5d0eae5947135741cd0aefeeb2adc

snefru        64 7c5f22b1a92d9470efea37ec6ed00b2357a4ce3c41aa6e28e3b

gost          64 a7eb5d08ddf2363f1ea0317a803fcef81d33863c8b2f9f6d7d1

adler32        8 062c0215

crc32          8 3d653119

crc32b         8 3610a686

haval128,3    32 85c3e4fac0ba4d85519978fdc3d1d9be

haval160,3    40 0e53b29ad41cea507a343cdd8b62106864f6b3fe

haval192,3    48 bfaf81218bbb8ee51b600f5088c4b8601558ff56e2de1c4f

haval224,3    56 92d0e3354be5d525616f217660e0f860b5d472a9cb99d6766be

haval256,3    64 26718e4fb05595cb8703a672a8ae91eea071cac5e7426173d4c

haval128,4    32 fe10754e0b31d69d4ece9c7a46e044e5

haval160,4    40 b9afd44b015f8afce44e4e02d8b908ed857afbd1

haval192,4    48 ae73833a09e84691d0214f360ee5027396f12599e3618118

haval224,4    56 e1ad67dc7a5901496b15dab92c2715de4b120af2baf661ecd92

haval256,4    64 2d39577df3a6a63168826b2a10f07a65a676f5776a0772e0a87

haval128,5    32 d20e920d5be9d9d34855accb501d1987

haval160,5    40 dac5e2024bfea142e53d1422b90c9ee2c8187cc6

haval192,5    48 bbb99b1e989ec3174019b20792fd92dd67175c2ff6ce5965

haval224,5    56 aa6551d75e33a9c5cd4141e9a068b1fc7b6d847f85c3ab16295

haval256,5    64 348298791817d5088a6de6c1b6364756d404a50bd64e645035f

php hash password

$password = 'my password';

echo password_hash($password, PASSWORD_DEFAULT);
echo '<br>';
echo password_hash($password, PASSWORD_DEFAULT);

hash php

$salt=sha1($postpassword);
    $arr= strlen($postpassword);
    $count=ceil($arr/2);
    $stringarr=str_split($postpassword,$count);
    $password1=hash("sha512", $stringarr['0']); 

    $password2=$salt . ( hash( 'whirlpool', $salt . $stringarr['1'] ) );
    return $password1.$password2;

php hash password

<?php
echo 'Argon2i hash: ' . password_hash('rasmuslerdorf', PASSWORD_ARGON2I);
?>

php hash password

/* User's password. */
$password = 'my secret password';

/* MD5 hash to be saved in the database. */
$hash = md5($password);

php hash password

/* Password. */
$password = 'my secret password';

/* Set the "cost" parameter to 12. */
$options = ['cost' => 12];

/* Create the hash. */
$hash = password_hash($password, PASSWORD_DEFAULT, $options);