��ɢ�У�hash��

˵��

password_hash ( string $password , int $algo [, array $options ] ) : string

password_hash() ʹ��㹻ǿ�ȵĵ��ɢ��㷨��ɢ�У�hash�� password_hash() �� crypt()�� ԣ� crypt() ��ɢ��Ҳ�� password_hash()��

��ǰ֧�ֵ��㷨��

PASSWORD_DEFAULT - ʹ�� bcrypt �㷨 (PHP 5.5.0 Ĭ��)�� ע�⣬�ó�� PHP ��¸��ǿ�ȵ��㷨��ı䡣 ��ԣ�ʹ�ô˳��ɽ��ĳ��Ƚ��δ��б仯�� ˣ��ݿ��ﴢ��пɳ��60��ַ��255��ַ��
PASSWORD_BCRYPT - ʹ�� CRYPT_BLOWFISH �㷨��ɢ�С� ��ʹ�� "$2y$" �� crypt()�� 60 ��ַ��ַ�� ʧ��ʱ�� FALSE��
PASSWORD_ARGON2I - ʹ�� Argon2 ɢ��㷨��ɢ�С�

PASSWORD_BCRYPT ֧�ֵ�ѡ�

salt(string) - �ֶ��ṩɢ��ֵ��salt��⽫��Զ��ֵ��salt��

ʡ�Դ�ֵ��password_hash() ��Ϊÿ��ɢ��Զ��ֵ��ֲ��ģʽ��

Warning
��ֵ��salt��ѡ�� PHP 7.0.0 ��ʼ��deprecated��ˡ� ��ѡ��򵥵�ʹ��Ĭ�ϲ��ֵ��
cost (integer) - ��㷨ʹ�õ� cost��crypt() ҳ�� cost ֵ��ӡ�

ʡ��ʱ��Ĭ��ֵ�� 10�� cost �Ǹ��ĵ��ߣ��Ҳ��Ը��Լ�Ӳ��Ӵ��ֵ��

PASSWORD_ARGON2I ֧�ֵ�ѡ�

memory_cost (integer) - �� Argon2 ɢ��ʱ��ڴ棨��λ��ֽ� byte��Ĭ��ֵ�� PASSWORD_ARGON2_DEFAULT_MEMORY_COST��
time_cost (integer) - �� Argon2 ɢ��ʱ��ʱ�䡣Ĭ��ֵ�� PASSWORD_ARGON2_DEFAULT_TIME_COST��
threads (integer) - �� Argon2 ɢ��ʱ��߳��Ĭ��ֵ�� PASSWORD_ARGON2_DEFAULT_THREADS��

��

password

�û��롣

Caution

ʹ��PASSWORD_BCRYPT ��㷨��ʹ password ��Ϊ72��ַ��ᱻ�ضϡ�

algo

һ��ɢ��ʱָʾ�㷨��㷨��

options

һ��ѡ��Ĺ��顣Ŀǰ֧��ѡ�salt��ɢ��ʱ�ӵ��Σ��ַ��Լ�cost��ָ��㷨�ݹ�Ĳ��ֵ��ӿ�� crypt() ҳ��ҵ��

ʡ�Ժ󣬽�ʹ��ֵ��Ĭ�� cost��

��ֵ

��ɢ�к��룬 ��ʧ��ʱ�� FALSE��

ʹ�õ��㷨��cost ��ֵ��Ϊɢ�е�һ��ַ��ء��֤ɢ��ֵ��Ϣ��Ѿ��ڡ� ��ʹ password_verify() ��֤��ʱ�򣬲��Ҫ��ⴢ��ֵ��㷨��Ϣ��

��

Example #1 password_hash() ��


<?php
/**
 * ������Ҫʹ��Ĭ���㷨ɢ������
 * ��ǰ�� BCRYPT��������� 60 ���ַ��Ľ����
 *
 * ��ע�⣬��ʱ�����ƣ�Ĭ���㷨���ܻ��б仯��
 * ������Ҫ����Ŀռ��ܹ����� 60 �֣�255�ֲ���
 */
echo password_hash("rasmuslerdorf", PASSWORD_DEFAULT);
?>

��̵��ڣ�

$2y$10$.vGA1O9wmRjrwAVXD98HNOgsNpDczlqm3Jq7KnEd1rVAGv3Fykk1a

Example #2 password_hash() �ֶ�� cost ��


<?php
/**
 * ��������������Ϊ BCRYPT ���� cost �� 12��
 * ע�⣬�����Ѿ��л����ˣ���ʼ�ղ��� 60 ���ַ���
 */
$options = [
    'cost' => 12,
];
echo password_hash("rasmuslerdorf", PASSWORD_BCRYPT, $options);
?>

��̵��ڣ�

$2y$12$QjSH496pcT5CEbzjD/vtVeH03tfHKFy36d4J0Ltp3lRtee9HDxY3K

Example #3 password_hash() �ֶ��ֵ��


<?php
/**
 * ע�⣬�������ֵ����������ġ�
 * ��Զ����Ҫʹ�ù̶���ֵ�����߲���������ɵ���ֵ��
 *
 * �����������£������� password_hash generate Ϊ���Զ����������ֵ
 */
$options = [
    'cost' => 11,
    'salt' => mcrypt_create_iv(22, MCRYPT_DEV_URANDOM),
];
echo password_hash("rasmuslerdorf", PASSWORD_BCRYPT, $options);
?>

��̵��ڣ�

$2y$11$q5MkhSBtlsJcNEVsYh64a.aCluzHnGog7TQAKVmQwO9C8xb.t89F.

Example #4 Ѱ�� cost �� password_hash() ��


<?php
/**
 * ������ӶԷ��������˻�׼���ԣ�benchmark�������������ܳ��ܶ�ߵ� cost
 * �ڲ���������������������¿���������ߵ�ֵ
 * 8-10 �Ǹ�����ĵ��ߣ��ڷ��������������£�Խ��Խ�á�
 * ���´���Ŀ��Ϊ  �� 50 ���루milliseconds����
 * �ʺ�ϵͳ��������¼��
 */
$timeTarget = 0.05; // 50 ���루milliseconds�� 

$cost = 8;
do {
    $cost++;
    $start = microtime(true);
    password_hash("test", PASSWORD_BCRYPT, ["cost" => $cost]);
    $end = microtime(true);
} while (($end - $start) < $timeTarget);

echo "Appropriate Cost Found: " . $cost;
?>

��̵��ڣ�

Appropriate Cost Found: 10

Example #5 ʹ�� Argon2 ��password_hash()��


<?php
echo 'Argon2 hash: ' . password_hash('rasmuslerdorf', PASSWORD_ARGON2I);
?>

��̵��ڣ�

Argon2 hash: $argon2i$v=19$m=1024,t=2,p=2$YzJBSzV4TUhkMzc3d3laeg$zqU/1IN0/AogfP4cmSJI1vc8lpXRW9/S0sYY2i2jHT0

ע��

Caution

ǿ�ҽ��鲻Ҫ�Լ�Ϊ��ֵ��salt��ֻҪ��ã��Զ��ȫ��ֵ��

��ἰ�ģ�� PHP 7.0 �ṩ saltѡ��ᵼ�·��deprecation��档 δ�� PHP ��а���ֶ��ṩ��ֵ�Ĺ��ܿ��ܻᱻɾ��

Note:
�ڽ��ϵͳ�ϣ��Ƽ��Լ��ķ��ϲ��Դ˺�� cost ��ֱ��ʱ�俪��С�� 100 ��루milliseconds�� ű��ӻ��ѡ��Ӳ�� cost��

Note: ��֧�ֵ��㷨ʱ��޸�Ĭ��㷨��ض��¹��

�κ��ں��е��㷨��ھ��һ�� PHP ��в��ܳ�ΪĬ��㷨�� 磬�� PHP 7.5.5 ��ӵ��㷨�� PHP 7.7 ֮ǰ��ܳ�ΪĬ��㷨 �� 7.6 �ǵ�һ��а棩�� 7.6.0 ��ӵĲ�ͬ�㷨�� 7.7.0 ��Ҳ��Գ�ΪĬ��㷨��

��а��޸�Ĭ��㷨�� 7.3.0, 8.0.0��ȵȣ��޶��档 Ψһ��ǣ��ڵ�ǰĬ��㷨�﷢��˽��İ�ȫ��в��

��־

�汾	˵��
7.2.0	�� `PASSWORD_ARGON2I`��֧�� Argon2 ��ɢ��㷨��

�μ�

password_verify() - ��֤��Ƿ��ɢ��ֵƥ��
crypt() - ��ַ��ɢ��
» �û��ʹ��

password_hash

˵��

����

����ֵ

����

ע��

������־

�μ�

��

��ֵ

��

��־