PHP Function sodium_crypto_pwhash_str_verify
PHP Function sodium_crypto_pwhash_str_verify checks whether a password hash is the same as a given plain-text password. It uses the Argon2 ID algorithm, which is resistant to GPU attacks. It is a more secure alternative to the scrypt password hashing algorithm. It is also more resistant to side-channel attacks such as cache timing. The function has a number of arguments, but the two most important are pwhash_str_pair and operations_limit. pwhash_str_pair is the hashed string to check, and operations_limit is the maximum number of CPU cycles that can be used to compute the key.
Another popular libsodium function is crypto_auth(), which authenticates messages with secret keys. This is similar to HMAC, but it is more useful for applications that require the sender to be authenticated, rather than just the receiver. This is why it is useful for things like digital signatures, as well as password hashing.
In addition to authentication, libsodium provides encryption functions as well. These include crypto_box(), which implements authenticated asymmetric (public-key) encryption, and crypto_box_seal(), which seals a message in such a way that only the recipient can decrypt it. For more information, see the libsodium documentation.
As of PHP 7.2, libsodium is included by default in the core, so you don’t need to install an extension to use it. Compared to scrypt, libsodium is easier to use and harder to misconfigure. If you’re not using it yet, give it a try! Learn to become a Full Stack Web Developer – Enroll in the MEAN Stack Master's Program.