PHP Function Password_Needs_Rehash

PHP has a built-in password hashing function that allows you to create a strong one-way hashed string. This is important because a hashed password cannot be decrypted back to its original form, so it will only be readable by the website owner who created it. It's best practice to use a salt in conjunction with this function, as well.

Password hashing in PHP has been made easy since PHP 5.5 with the introduction of the password_hash() and password_verify() functions. Both of these have a number of different algorithms to choose from. In addition, you can also configure a default algorithm that will be used if you don't specify an algorithm in your application. This is done by setting the PASSWORD_DEFAULT constant.

Hashing with PHP has been made even easier since PHP 7.2, when the new Argon2 password hashing algorithm was introduced. This is a much faster and more secure hashing algorithm than the current default of Bcrypt.

Using the php function password_needs_rehash you can detect when a password hash needs to be rehashed, for example because the algorithm or options have been changed. The function can be called with a hash, an algorithm, and optionally the cost factor. If the hash is a valid one, it returns true, otherwise it will return false.

When using this function, it is recommended to test the hashing speed of your hardware. Ideally, you want the cost to be set to an amount that balances performance with security against brute force.

Andreas Behr - CTO of DesertCoderz
You are a developer and looking for Shopware projects?
Apply Now!

password_needs_rehash example

return $hash;
    }

    /** * @param string $hash * * @return bool */
    public function isReencodeNeeded($hash)
    {
        return password_needs_rehash($hash, PASSWORD_ARGON2I, $this->options);
    }
}
return $hash;
    }

    /** * @param string $hash * * @return bool */
    public function isReencodeNeeded($hash)
    {
        return password_needs_rehash($hash, PASSWORD_ARGON2ID, $this->options);
    }
}
return $hash;
    }

    /** * @param string $hash * * @return bool */
    public function isReencodeNeeded($hash)
    {
        return password_needs_rehash($hash, PASSWORD_BCRYPT, $this->options);
    }
}
    if (strlen($password) > static::PASSWORD_MAX_LENGTH) {
      return FALSE;
    }

    return password_verify($password$hash);
  }

  /** * {@inheritdoc} */
  public function needsRehash(#[\SensitiveParameter] $hash) {     return password_needs_rehash($hash$this->algorithm, $this->options);
  }

}


        if (\extension_loaded('libsodium') && version_compare(phpversion('libsodium'), '1.0.14', '>=')) {
            return \Sodium\crypto_pwhash_str_verify($hashedPassword$plainPassword);
        }

        return password_verify($plainPassword$hashedPassword);
    }

    public function needsRehash(string $hashedPassword): bool
    {
        return password_needs_rehash($hashedPassword$this->algorithm, $this->options);
    }
}
Home | Imprint | This part of the site doesn't use cookies.