I'm trying to understand how the below function works from Laravel 4.2 in the BcryptHasher.php file:
    /**
     * Hash the given value.
     *
     * @param  string  $value
     * @param  array   $options
     * @return string
     *
     * @throws \RuntimeException
     */
    public function make($value, array $options = [])
    {
        $cost = isset($options['rounds']) ? $options['rounds'] : $this->rounds;
        $hash = password_hash($value, PASSWORD_BCRYPT, ['cost' => $cost]);
        if ($hash === false) {
            throw new RuntimeException('Bcrypt hashing not supported.');
        }
        return $hash;
    }
I think I understand everything except for this line:
$cost = isset($options['rounds']) ? $options['rounds'] : $this->rounds;
I understand that the default of $this->rounds is set to 10, which then is the "cost" that the password will be hashed at. However, I'm confused as to what the $options array is doing and how that might affect the cost?
The Laravel Hash facade provides secure Bcrypt and Argon2 hashing for storing user passwords. If you are using one of the Laravel application starter kits, Bcrypt will be used for registration and authentication by default.
The Laravel Hash facade provides secure Bcrypt hashing for storing user passwords. If you are using the AuthController controller that is included with your Laravel application, it will take care of verifying the Bcrypt password against the un-hashed version provided by the user.
Hashing types make the most difference here, with bcrypt encrypted passwords requiring over 22 years to crack, according to our testing.
From Laravel 5 onward, you can use the bcrypt() function to hash a plaintext. So, you can save that hashed password in DB and then, compare the hashed password again to match.
    $save_password = bcrypt('plain_text_password');
    $check_password = bcrypt('provided_password_while_login_request');
And then, compare these two.
You can pass in the options when you call the make method.
For example, using the facade:
    $hashed = Hash::make($value, ['rounds' => 8]);
If you don't pass in the cost, it'll use $this->rounds, which is 10.
In Laravel 5.5 and before, because the hash rounds number is hardcoded in these versions, there is no way, unless you build a facade or service to handle having a default hashing rounds number based on what you desire and then use your wrapper class instead of the original Hash class.
But since Laravel 5.6, the default hashing rounds number is stored in the config/hashing.php file, and you can change the default to what you desire using this section or by setting the BCRYPT_ROUNDS environment variable in your .env file.
    /*
    |--------------------------------------------------------------------------
    | Bcrypt Options
    |--------------------------------------------------------------------------
    |
    | Here you may specify the configuration options that should be used when
    | passwords are hashed using the Bcrypt algorithm. This will allow you
    | to control the amount of time it takes to hash the given password.
    |
    */
    'bcrypt' => [
        'rounds' => env('BCRYPT_ROUNDS', 10),
    ],
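The 'rounds' fallback discussed above, as an added example in plain PHP (it is not code from Laravel or from the answers). It shows that the chosen cost is recorded inside the hash string itself, so a hash made under an old default still verifies and can be re-hashed at login once the default is raised. DEFAULT_ROUNDS, make_hash(), check_and_upgrade() and the sample password are hypothetical names and constructed values.

```php
<?php
// Added example in plain PHP; not Laravel's BcryptHasher.
// DEFAULT_ROUNDS, make_hash() and check_and_upgrade() are hypothetical names.
const DEFAULT_ROUNDS = 10; // stands in for $this->rounds / the config default

// Same fallback as the line in question: a per-call 'rounds' wins, else the default.
function make_hash(string $value, array $options = [], int $default = DEFAULT_ROUNDS): string
{
    $cost = isset($options['rounds']) ? $options['rounds'] : $default;
    $hash = password_hash($value, PASSWORD_BCRYPT, ['cost' => $cost]);
    if ($hash === false) {
        throw new RuntimeException('Bcrypt hashing not supported.');
    }
    return $hash;
}

// Verify a login attempt against the stored hash. If that hash was made with a
// cost other than the current default, also return a replacement hash to store.
function check_and_upgrade(string $plain, string $stored, int $currentDefault): array
{
    if (!password_verify($plain, $stored)) {
        return ['ok' => false, 'new_hash' => null];
    }
    $new = null;
    if (password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => $currentDefault])) {
        $new = make_hash($plain, [], $currentDefault);
    }
    return ['ok' => true, 'new_hash' => $new];
}

$password  = 'constructed-sample-password';          // constructed sample input
$byDefault = make_hash($password);                   // no options: default cost
$override  = make_hash($password, ['rounds' => 8]);  // per-call override

// The cost is part of the stored hash and can be read back from it.
foreach (['default' => $byDefault, 'rounds=8' => $override] as $label => $hash) {
    $cost = password_get_info($hash)['options']['cost'];
    printf("%-9s cost=%d prefix=%s\n", $label, $cost, substr($hash, 0, 7));
}

// The default is later raised to 12: the old hash still verifies, then is upgraded.
$result = check_and_upgrade($password, $byDefault, 12);
printf("verified=%s upgraded_cost=%d\n", var_export($result['ok'], true),
    password_get_info($result['new_hash'])['options']['cost']);
```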