How to secure hash and salt for PHP passwords?

Salting and hashing: In PHP, storing a password with a salt and a hash is done with the password_hash() function. It takes three parameters and returns the final hash of the password. Syntax:
string password_hash (string $pass, int $algo, array $options)
Parameters:
  • $pass: the password that must be protected and stored in the database.
  • $algo: the hashing algorithm used to create the hash of $pass. Some of the algorithm options in PHP are:
      • PASSWORD_DEFAULT: uses the bcrypt algorithm (the default since PHP 5.5.0). This constant is intended to change over time as new and stronger algorithms are added to PHP.
      • PASSWORD_BCRYPT: uses the CRYPT_BLOWFISH algorithm to generate the hash. Produces a 60 character string, or FALSE on error.
  • $options: an associative array of options for the algorithm; for bcrypt this is the cost factor. If omitted, the default cost is used (10 in most cases). A higher cost makes each hash more expensive to compute, which slows down brute-force attacks but also increases CPU utilization per hash.
Return Value: Returns the hashed password, or FALSE on error. Example: This example shows password_hash() generating a hash, first with the default cost and then with an explicit cost, and password_verify() comparing candidate passwords against it.
<?php
// Store the password in a variable
$password = 'Password';

// Use the password_hash() function to generate the password hash,
// once with the default cost and once with an explicit cost of 9
$hash_default_salt  = password_hash($password, PASSWORD_DEFAULT);
$hash_variable_salt = password_hash($password, PASSWORD_DEFAULT, array('cost' => 9));

// Use the password_verify() function to check whether a password matches a hash
echo password_verify('Password', $hash_default_salt) . "<br>";
echo password_verify('Password', $hash_variable_salt) . "<br>";
echo password_verify('Password123', $hash_default_salt);
?>
Output:
1 1 0
This example uses the password_verify() function to compare the generated hash with the string passed as a parameter. It takes a plaintext password and a hash as parameters and returns true if the password matches the hash, otherwise it returns false. The salt is generated randomly by password_hash() and embedded in the returned string, so no separate salt column is needed and password_verify() can read it back from the hash.
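The functions above are usually wired into a registration and login flow, and the cost is expected to be raised over time as hardware gets faster. The following is an added example, not code from the original article: it stores the hash for a user, verifies a login, and uses password_needs_rehash() to transparently upgrade a stored hash whenever the configured algorithm or cost changes. The $users array stands in for a database table, and the helper names register(), login() and calibrateCost() are assumptions made for this example. password_verify() compares in constant time, and the lookup of an unknown user is handled by verifying against a precomputed dummy hash so that the response time does not reveal which usernames exist.

```php
<?php
// Added example (not from the original article). The $users store and the
// helper names are assumptions; a real application would use a database.

const HASH_ALGO    = PASSWORD_DEFAULT;   // bcrypt today, may change in future PHP versions
const HASH_OPTIONS = ['cost' => 12];     // raise this as hardware gets faster

$users = []; // username => password hash (stands in for a DB table)

function register(array &$users, string $username, string $password): void
{
    // password_hash() generates a random salt and embeds it in the result,
    // so only the returned string needs to be stored.
    $users[$username] = password_hash($password, HASH_ALGO, HASH_OPTIONS);
}

function login(array &$users, string $username, string $password): bool
{
    // Precomputed dummy hash: unknown users still cost one bcrypt verification,
    // so timing does not reveal whether the username exists.
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash('dummy-password', HASH_ALGO, HASH_OPTIONS);
    }

    $known = isset($users[$username]);
    $hash  = $known ? $users[$username] : $dummy;

    if (!password_verify($password, $hash) || !$known) {
        return false;
    }

    // If HASH_ALGO or HASH_OPTIONS changed since this hash was stored,
    // upgrade it now, while the plaintext is available.
    if (password_needs_rehash($hash, HASH_ALGO, HASH_OPTIONS)) {
        $users[$username] = password_hash($password, HASH_ALGO, HASH_OPTIONS);
    }
    return true;
}

// Find the smallest bcrypt cost that takes at least $targetSeconds on this
// machine; a typical target is around 0.1 s per hash.
function calibrateCost(float $targetSeconds = 0.1): int
{
    $cost = 8;
    do {
        $cost++;
        $start = microtime(true);
        password_hash('benchmark-password', PASSWORD_BCRYPT, ['cost' => $cost]);
    } while (microtime(true) - $start < $targetSeconds && $cost < 31);
    return $cost;
}

// Usage
register($users, 'alice', 'correct horse battery staple');
var_dump(login($users, 'alice', 'correct horse battery staple'));
var_dump(login($users, 'alice', 'wrong password'));
var_dump(login($users, 'nobody', 'anything'));

// Simulate a legacy hash stored with cost 9; a successful login upgrades it
// to the currently configured cost.
$users['bob'] = password_hash('hunter2', PASSWORD_BCRYPT, ['cost' => 9]);
echo 'cost before: ', password_get_info($users['bob'])['options']['cost'], PHP_EOL;
login($users, 'bob', 'hunter2');
echo 'cost after:  ', password_get_info($users['bob'])['options']['cost'], PHP_EOL;

echo 'suggested cost for this machine: ', calibrateCost(), PHP_EOL;
?>
```

The rehash step is the piece most tutorials leave out: because PASSWORD_DEFAULT is allowed to change between PHP releases and the cost should be raised periodically, password_needs_rehash() is what lets existing accounts migrate to the stronger setting on their next successful login without forcing a password reset. Note also that bcrypt only uses the first 72 bytes of the password, so enforce a maximum length at the application layer rather than relying on the hash function to notice longer input.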