Where is the salt stored for password_hash?

According to (relatively) new PHP documentation:

The password_hash function uses a random salt (which we should not worry about.. O_O), so if I understand correctly the salt has to be stored somewhere, else the user won't be able to login after registering to a website (different salt => different hash.)

The function documentation doesn't tell anything about interaction with a DB, and since I think storing per-user data is scalable only with a DB, where the heck does that function store the random salt? A txt file like session data?

CoffeDeveloper asked Feb 20 '15 14:02


1 Answer

Let's learn by example from what everyone else is telling you:

$options = [
    'cost' => 11,
    'salt' => 'abcdefghijklmnopqrstuv',
];
echo password_hash("rasmuslerdorf", PASSWORD_DEFAULT, $options)."\n";

Output:

$2y$11$abcdefghijklmnopqrstuu7aZVUzfW85EB4mHER81Oudv/rT.rmWm

The `11` and `abcdefghijklmnopqrstuu` parts are your cost and salt, respectively, embedded in the resulting hash.

You can spit this back into password_verify and it will handle it accordingly:

print_r(password_verify('rasmuslerdorf', '$2y$11$abcdefghijklmnopqrstuu7aZVUzfW85EB4mHER81Oudv/rT.rmWm')); // true
sjagr answered Sep 30 '22 20:09
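To make the answer's point concrete, here is an added example (not part of the original answer or of PHP's documentation) that walks through the whole registration and login flow. It keeps a constructed in-memory array in place of the database table, lets `password_hash` generate its own random salt, and then splits the stored string into its fields with a hypothetical helper `parseBcrypt` so you can see that the cost and salt are the only "per-user data" involved, and that they travel inside the hash string itself. The user name and password are constructed sample values.

```php
<?php
// Added example: the only thing persisted per user is the hash string,
// because the algorithm id, cost and salt are all encoded inside it.

declare(strict_types=1);

// Constructed in-memory stand-in for a users table: username => stored hash.
$users = [];

function registerUser(array &$users, string $username, string $password): string
{
    // No 'salt' option is given: password_hash draws a random 128-bit salt
    // itself (the 'salt' option is deprecated since PHP 7.0 for that reason).
    $hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 11]);
    $users[$username] = $hash;   // store ONLY this string; never the password
    return $hash;
}

function loginUser(array &$users, string $username, string $password, int $currentCost = 11): bool
{
    if (!isset($users[$username])) {
        return false;
    }
    $stored = $users[$username];

    // password_verify reads the algorithm, cost and salt out of $stored,
    // recomputes the hash with that same salt and compares in constant time.
    if (!password_verify($password, $stored)) {
        return false;
    }

    // Because the cost is embedded too, you can transparently upgrade old
    // hashes when your cost policy changes, right after a successful login.
    if (password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => $currentCost])) {
        $users[$username] = password_hash($password, PASSWORD_BCRYPT, ['cost' => $currentCost]);
    }
    return true;
}

// Hypothetical helper: split "$2y$<cost>$<22-char salt><31-char digest>"
// into its fields. The salt alphabet is bcrypt's ./A-Za-z0-9 variant of base64.
function parseBcrypt(string $hash): array
{
    if (!preg_match('#^\$(2[aby])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$#', $hash, $m)) {
        throw new InvalidArgumentException('not a bcrypt hash string');
    }
    return [
        'algo'   => $m[1],
        'cost'   => (int) $m[2],
        'salt'   => $m[3],
        'digest' => $m[4],
    ];
}

$password = 'correct horse battery staple';   // constructed sample value

$hash = registerUser($users, 'alice', $password);
echo "stored for alice: $hash\n";
print_r(parseBcrypt($hash));          // our own field split
print_r(password_get_info($hash));    // PHP's built-in view of the same string

var_dump(loginUser($users, 'alice', $password));
var_dump(loginUser($users, 'alice', 'not the password'));

// Hashing the same password a second time yields a different string, because
// a fresh random salt is drawn; each string still verifies on its own because
// it carries the salt that was used to produce it.
$other = password_hash($password, PASSWORD_BCRYPT, ['cost' => 11]);
var_dump($hash === $other);
var_dump(password_verify($password, $other));
var_dump(parseBcrypt($hash)['salt'] === parseBcrypt($other)['salt']);
```

Run it with `php example.php`. The two `var_dump` calls on the login attempts show a successful and a failed verification against the same stored string, and the last three show that two hashes of one password differ only because their embedded salts differ. The `parseBcrypt` regex is deliberately strict about lengths; a string that does not match it is not a bcrypt hash produced by `password_hash`, and `password_verify` would reject it as well.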