Transliterate - warwickfoster/qurantools GitHub Wiki

File: app/library/hash.php

Purpose

This file implements a PHP function, hash_password(), for password hashing and a function, match_hash(), that simply echoes a message.

Hashing Process

  • The hash_password() function uses the Blowfish algorithm with a cost parameter of 10.
  • It generates a random salt and prefixes it with the Blowfish algorithm identifier and cost parameter.
  • The password is then hashed using the crypt() function with the generated salt.

Verification

  • The match_hash() function simply echoes the message "OK!"; it does not compare a password against a stored hash.

Usage

The hash_password() function can be used to hash a password. The returned hash value can then be stored securely in a database.

Additional Notes

  • The cost parameter of the Blowfish algorithm controls how much work each hash computation takes. A higher cost makes every password guess more expensive for an attacker, but hashes also take longer to generate.
  • The random_bytes() function is used to generate a cryptographically secure salt.
  • The crypt() function is used to hash the password with the Blowfish algorithm and the salt.
  • The $2a$ prefix in the salt identifies the Blowfish (bcrypt) algorithm; the two-digit cost parameter follows it.

Example

// Hash a password
$password = "password123";
$hash = hash_password($password);

// Store the hash value securely in a database

// Verify the password
if (password_verify($password, $hash)) {
    // Password matches
} else {
    // Password does not match
}
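
The hashing steps described above, together with a verification routine that actually compares hashes, as an added sketch that is not the project's code from app/library/hash.php. The function names example_hash_password() and example_match_hash() are hypothetical, and the salt encoding is one common way to satisfy crypt()'s bcrypt salt format, assumed here rather than taken from the file.

```php
<?php
// Added example, not the project's code. Function names are hypothetical.

const BCRYPT_COST = 10; // cost value stated on this page

function example_hash_password(string $password): string
{
    // bcrypt expects a 22-character salt drawn from ./A-Za-z0-9.
    // 16 random bytes give 24 base64 characters; map '+' to '.' and
    // keep the first 22, which never include the '=' padding.
    $salt = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
    $hash = crypt($password, sprintf('$2a$%02d$%s', BCRYPT_COST, $salt));

    // On failure crypt() returns a short marker string instead of a
    // 60-character bcrypt hash, so check the length before storing.
    if (strlen($hash) !== 60) {
        throw new RuntimeException('bcrypt hashing failed');
    }
    return $hash;
}

function example_match_hash(string $password, string $stored): bool
{
    // Reject anything that is not a well-formed bcrypt string, so a
    // corrupted or empty database value can never "match".
    if (!preg_match('#^\$2[axy]\$\d{2}\$[./A-Za-z0-9]{53}$#', $stored)) {
        return false;
    }
    // Re-hash the candidate with the prefix, cost and salt embedded in
    // the stored hash, then compare in constant time.
    return hash_equals($stored, crypt($password, $stored));
}

// Constructed sample input
$hash = example_hash_password('password123');
var_dump(example_match_hash('password123', $hash)); // correct password
var_dump(example_match_hash('password124', $hash)); // wrong password
var_dump(password_verify('password123', $hash));    // built-in check on the same hash
```

bcrypt only processes the first 72 bytes of the password, so longer inputs that share that prefix produce the same hash.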