Reputation: 345
How to get the random salt from password_hash in PHP?
I've read in the manual that the PHP-function password_hash() uses a random salt to hash the password. How to get this random salt for saving it to database?
Upvotes: 0
Views: 5372
Answers (2)
Reputation: 180075
A salt is generated automatically and randomly when you run password_hash. It will be different every time, even for the same password. That's good! From the docs:
You should not manually set or in any way modify the salt. Just save the entire hash in the database, and let PHP handle it. password_hash and password_verify, by default, use the industry standard bcrypt algorithm in a manner complying with industry best practices. Modifying that behavior is likely to make your site less secure.
Upvotes: 8
Reputation: 999
It's quite simple, look here: http://php.net/manual/en/faq.passwords.php#faq.password.storing-salts
But actually you shouldn't need it, because password_verify() doesn't need the salt manually.
Upvotes: 3
Related Questions
- How does the hash match when the salt is generated randomly in password_hash?
- Generating a salt in PHP
- Getting raw passwords from a salt
- PHP hashed & salted password
- Returning the salt value used in PHP's new password hashing API
- hashing password with salt
- How to hash a password with random salt?
- How does PHP's password_hash generate the salt?
- How to random salt for SHA512
- How should I incorporate the salt in my password hash?