Reputation: 102
I've been reading up on the usage of the PHP password_hash function; it states that it automatically generates a salt and that generating one manually is not advised.
With this in mind, does this mean I can execute the following code:
$password = password_hash('mypassword', PASSWORD_DEFAULT);
creating a hashed and salted password that needs nothing further doing to it other than storing into a MySQL table column?
Upvotes: 2
Views: 608
Reputation: 52371
password_hash generates both the salt and the hash. It then combines them into a single string, so you don't have to store them separately, as is usually done.
That's also why password_verify takes only two parameters: a password and a combination of salt and hash.
Generating your own salt is not advised because you might do it wrong. For example, you could create one incorrectly by generating a predictable string or making it too short. Additionally, since the password_hash function already does that, why bother? If the user changes the password then usually both the hash and the salt are regenerated.
Upvotes: 4
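The full round trip the answer describes, as an added example that is not part of the original answer: hash on registration, store the single returned string, verify on login, and rehash when the default cost or algorithm has changed. The users table, its column names and the in-memory SQLite database (standing in for MySQL) are assumptions.

```php
<?php
// Added example, not part of the original answer. The string password_hash()
// returns already embeds algorithm, cost and salt, so one column holds it all.
// The users table and column names are assumed; SQLite in memory stands in for MySQL.

function storePassword(PDO $db, string $username, string $plaintext): void
{
    // Use a wide column: PASSWORD_DEFAULT may switch algorithm in later PHP versions.
    $hash = password_hash($plaintext, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $stmt->execute([$username, $hash]);
}

function checkLogin(PDO $db, string $username, string $plaintext): bool
{
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;
    }
    // password_verify() parses algorithm, cost and salt out of the stored string.
    if (!password_verify($plaintext, $row['password_hash'])) {
        return false;
    }
    // If the default cost or algorithm has moved on, upgrade the stored hash now,
    // while the plaintext is in hand.
    if (password_needs_rehash($row['password_hash'], PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE users SET password_hash = ? WHERE id = ?');
        $upd->execute([password_hash($plaintext, PASSWORD_DEFAULT), $row['id']]);
    }
    return true;
}

$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash VARCHAR(255))');
storePassword($db, 'alice', 'mypassword');

// The stored value is self-describing: bcrypt output is "$2y$" + cost + "$" + 22-char salt + 31-char hash.
$stored = $db->query("SELECT password_hash FROM users WHERE username = 'alice'")->fetchColumn();
echo $stored, PHP_EOL;
print_r(password_get_info($stored));  // algorithm name and cost recovered from the string alone

var_dump(checkLogin($db, 'alice', 'mypassword'));
var_dump(checkLogin($db, 'alice', 'wrong'));
```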
Reputation: 96
Yes. You can then retrieve it and use password_verify() to check to see if a user-supplied password matches the stored hash.
Upvotes: 0