Franky

Reputation: 97

password hashes, from php 5.4 to 5.6

I have an old database with users and their password hashes generated using php 5.4 with the following function:

   password_hash($password, PASSWORD_DEFAULT, 10);    

Now I'm creating a new website with Laravel with PHP 5.6, and I want to let the old users log in to the new one with their same credentials.

However, I understand that PASSWORD_DEFAULT is not the bcrypt algo on PHP < 5.5, but it does use bcrypt on my new install of php 5.6.

How can I let the old users log in to my website without resetting all their passwords? Is this possible?

Upvotes: 2

Views: 1064

Answers (1)

Scott Arciszewski

Reputation: 34103

> password_hash($password, PASSWORD_DEFAULT, 10);

Surely you mean this?

password_hash($password, PASSWORD_DEFAULT, ['cost' => 10]);

> However, I understand that PASSWORD_DEFAULT is not the bcrypt algo on PHP < 5.5

That's because password_hash() and password_verify() did not exist in PHP 5.4. You're probably using ircmaxell/password_compat which offers this functionality in 5.4. Also, PASSWORD_DEFAULT is bcrypt in password_compat.

Either way, this should "just work". If it doesn't, you had a weird and possibly insecure set-up from the get-go.

Upvotes: 1
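
A login-time check for the migration discussed above, as an added example that is not part of the original question or answer: it confirms the stored value is a bcrypt hash, verifies it with the native functions, and re-hashes it while the plaintext is available. The function name, return values, the `$save` storage hook and the cost of 12 are assumptions, and the sample hash is constructed at run time to stand in for a row written by the PHP 5.4 site.

```php
<?php
// Added example, not from the original post. Requires PHP >= 5.5.
// verify_and_upgrade(), its return values and the cost of 12 are assumptions.

/**
 * Check a login against a stored hash and upgrade the hash if it is outdated.
 * $save is a callable that persists the new hash (hypothetical storage hook).
 * Returns 'ok', 'bad_password' or 'unsupported_hash'.
 */
function verify_and_upgrade($password, $storedHash, $save, array $options)
{
    // password_compat and native password_hash() both emit "$2y$" bcrypt strings,
    // so password_get_info() reports them as bcrypt.
    $info = password_get_info($storedHash);
    if ($info['algoName'] !== 'bcrypt') {
        // Not a password_hash()-style value (for example a bare md5 or sha1 hex
        // string): it needs its own migration path and must not be verified here.
        return 'unsupported_hash';
    }

    if (!password_verify($password, $storedHash)) {
        return 'bad_password';
    }

    // The plaintext is only available during login, so re-hash now if the
    // stored hash uses an older algorithm or a lower cost than current policy.
    if (password_needs_rehash($storedHash, PASSWORD_DEFAULT, $options)) {
        $save(password_hash($password, PASSWORD_DEFAULT, $options));
    }
    return 'ok';
}

// Constructed sample data: a cost-10 bcrypt hash standing in for a legacy row.
$legacy = password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 10]);
$stored = $legacy;
$save = function ($newHash) use (&$stored) {
    $stored = $newHash; // a real application would update the users table here
};
$policy = ['cost' => 12]; // assumed target cost for the new site

echo verify_and_upgrade('correct horse', $legacy, $save, $policy), "\n";
echo verify_and_upgrade('wrong guess', $legacy, $save, $policy), "\n";
echo verify_and_upgrade('correct horse', md5('correct horse'), $save, $policy), "\n";

// After the first successful login the stored hash carries the new cost.
$after = password_get_info($stored);
echo 'stored cost is now ', $after['options']['cost'], "\n";
```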
