
How Can PHP Create Secure Password Hash 2019 Way - PHP Argon2 Password Verify package blog


Updated on: 2019-05-09

Package: PHP Argon2 Password Verify

As you may know, hashing is a one-way process that creates a string from another string in such a way that it is very hard to determine the original string, because a hashing function only works in one direction.

Hashing functions are often used before storing passwords to make it hard to guess the original password in case of a security breach.

Read this article to learn more about the modern PHP hashing methods that make password hashes hard to break these days.




Short Introduction to Hashing

Hashing is the application of a function f() to input of a variable size to produce output of a constant size.

A => f() => X
B => f() => Y
C => f() => Z

A hash is also the result of a one-way function. This means that there isn't a function to reverse or undo a hash. Likewise, re-applying the hash, f(f(x)), isn't going to produce x again.

The hashing of passwords follows the process described above. However, it comes with some special considerations. Many of the properties that make up a good hash function are not beneficial when it comes to passwords.

PHP password hashing support will be bundled in the next release of Zest Framework (3.0.0), but this package can also be used on its own in any PHP application or framework.

PHP Argon2 Password Verify Package

This package provides secure Bcrypt and Argon2 hashing for storing user passwords.

Requirements

  1. PHP 7 (7.3 recommended).
  2. Composer.

The Argon2i driver requires PHP 7.2.0 or greater and the Argon2id driver requires PHP 7.3.0 or greater.

Bcrypt is a great choice for hashing passwords because its 'work factor' parameter is configurable, which means that the time it takes to generate a hash can be increased as hardware power increases.

Installation

Installing this package is very simple. First ensure you have the right PHP version and Composer installed, then enter the following in your command line terminal:

composer require lablnet/hashing

Basic Usage

You may create a hash for a password by calling the make method on the Hashing Class:

<?php

use Lablnet\Hashing;

require '../vendor/autoload.php';

$hashing = new Hashing();
// Original password (passed as a string, not an integer)
$password = '123456';
// Hash the password
$password_hash = $hashing->make($password);
echo $password_hash;

Adjusting The Argon2 Work Factor

If you are using the Argon2I or Argon2Id algorithm, the make method allows you to manage the work factor of the algorithm using the memory, time, and thread options:

$hashing = new Hashing('argon2i');

$password_hash = $hashing->make($password, [
    'memory' => 1024,
    'time' => 2,
    'threads' => 2,
]);

For more information on these options, check out the official PHP documentation.

Verifying a Password Against a Hash

The verify method allows you to verify that a given plain-text string corresponds to a given hash.

if ($hashing->verify($password, $password_hash)) {
    // The password matched.
}

Checking If A Password Needs To Be Rehashed

The needsRehash function allows you to determine if the work factor used by the hasher has changed since the password was hashed:

// $password_hash is the hash created earlier with make()
if ($hashing->needsRehash($password_hash)) {
    $password_hash = $hashing->make($password);
}
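
The login-time flow that the verify and needsRehash sections describe, as an added example that is not part of the original article or the package. It uses PHP's native password_verify, password_needs_rehash and password_hash instead of the package's Hashing class; the function name loginAndUpgrade, the sample password and the cost values are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Current policy (assumed for this example): bcrypt at cost 12.
const TARGET_ALGO = PASSWORD_BCRYPT;
const TARGET_OPTIONS = ['cost' => 12];

/**
 * Verify a login attempt and, on success, upgrade the stored hash if it was
 * created with weaker parameters than the current policy.
 * Returns [bool $ok, ?string $newHash]; $newHash is non-null only when the
 * caller must persist a replacement hash.
 */
function loginAndUpgrade(string $password, string $storedHash): array
{
    // Verify first: the plain-text password may only be rehashed after it
    // has matched the stored hash, otherwise a wrong guess would overwrite it.
    if (!password_verify($password, $storedHash)) {
        return [false, null];
    }
    // The stored hash encodes its own algorithm and cost, so PHP can tell
    // whether it still meets the current policy without the password.
    if (password_needs_rehash($storedHash, TARGET_ALGO, TARGET_OPTIONS)) {
        return [true, password_hash($password, TARGET_ALGO, TARGET_OPTIONS)];
    }
    return [true, null];
}

// Constructed sample record: hashed earlier under an older policy (cost 10).
$stored = password_hash('correct horse battery staple', PASSWORD_BCRYPT, ['cost' => 10]);

// A failed login never triggers a rehash.
[$ok, $new] = loginAndUpgrade('wrong guess', $stored);
var_dump($ok, $new);

// A successful login returns a replacement hash at the new cost.
[$ok, $new] = loginAndUpgrade('correct horse battery staple', $stored);
var_dump($ok);
echo password_get_info($stored)['options']['cost'], ' -> ',
     password_get_info($new)['options']['cost'], PHP_EOL;

// After the upgrade has been stored, the next login leaves the hash alone.
[$ok, $again] = loginAndUpgrade('correct horse battery staple', $new);
var_dump($ok, $again);
```

The replacement hash has to be written back to the user record in the same request, since the plain-text password is not available at any other time.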

Supported Algorithms

This package supports 3 algorithms:

  • Bcrypt
  • Argon2I
  • Argon2ID

To use different algorithms we can use the following code:

$hashing = new Hashing('supported-algorithm');
$bcryptHashing = new Hashing('bcrypt');

Changing the Default Work Factors

You can provide default work factors like this:

// Argon2
$argon2Hashing = new Hashing('argon2i', [
    'memory' => 1024,
    'time' => 2,
    'threads' => 2,
    'verify' => false,
]);
// Bcrypt
$bcryptHashing = new Hashing('bcrypt', [
    'cost' => 12,
    'verify' => false,
]);

When the verify option is set to true, the class will also verify if the algorithm generated a correct hash for the password.

This article was originally posted in https://zestframework.xyz/blog/view/sRHfgAJ/PHP+secure+password+hashing+in+2019



