-
Notifications
You must be signed in to change notification settings - Fork 790
/
Copy pathpassword-hash.xml
430 lines (420 loc) · 13.1 KB
/
password-hash.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
<?xml version="1.0" encoding="utf-8"?>
<!-- $Revision$ -->
<refentry xml:id="function.password-hash" xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink">
<refnamediv>
<refname>password_hash</refname>
<refpurpose>Creates a password hash</refpurpose>
</refnamediv>
<refsect1 role="description">
&reftitle.description;
<methodsynopsis>
<type>string</type><methodname>password_hash</methodname>
<methodparam><modifier role="attribute">#[\SensitiveParameter]</modifier><type>string</type><parameter>password</parameter></methodparam>
<methodparam><type class="union"><type>string</type><type>int</type><type>null</type></type><parameter>algo</parameter></methodparam>
<methodparam choice="opt"><type>array</type><parameter>options</parameter><initializer>[]</initializer></methodparam>
</methodsynopsis>
<para>
<function>password_hash</function> creates a new password hash using a strong one-way hashing
algorithm.
</para>
<simpara>
The following algorithms are currently supported:
</simpara>
<para>
<itemizedlist>
<listitem>
<simpara>
<constant>PASSWORD_DEFAULT</constant> - Use the bcrypt algorithm (default as of PHP 5.5.0).
Note that this constant is designed to change over time as new and stronger algorithms are added
to PHP. For that reason, the length of the result from using this identifier can change over
time. Therefore, it is recommended to store the result in a database column that can expand
beyond 60 bytes (255 bytes would be a good choice).
</simpara>
</listitem>
<listitem>
<simpara>
<constant>PASSWORD_BCRYPT</constant> - Use the bcrypt algorithm to
create the hash. This will produce a standard <function>crypt</function> compatible hash using
the <literal>$2y$</literal> identifier.
</simpara>
</listitem>
<listitem>
<simpara>
<constant>PASSWORD_ARGON2I</constant> - Use the Argon2i hashing algorithm to create the hash.
This algorithm is only available if PHP has been compiled with Argon2 support.
</simpara>
</listitem>
<listitem>
<simpara>
<constant>PASSWORD_ARGON2ID</constant> - Use the Argon2id hashing algorithm to create the hash.
This algorithm is only available if PHP has been compiled with Argon2 support.
</simpara>
</listitem>
</itemizedlist>
</para>
<simpara>
Supported options for <constant>PASSWORD_BCRYPT</constant>:
</simpara>
<para>
<itemizedlist>
<listitem>
<para>
<literal>salt</literal> (<type>string</type>) - to manually provide a salt to use when hashing the password.
Note that this will override and prevent a salt from being automatically generated.
</para>
<para>
If omitted, a random salt will be generated by <function>password_hash</function> for
each password hashed. This is the intended mode of operation.
</para>
<warning>
<para>
The salt option is deprecated. It is now
preferred to simply use the salt that is generated by default.
As of PHP 8.0.0, an explicitly given salt is ignored.
</para>
</warning>
</listitem>
<listitem>
<para>
<literal>cost</literal> (<type>int</type>) - which denotes the algorithmic cost that should be used.
Examples of these values can be found on the <function>crypt</function> page.
</para>
<para>
If omitted, a default value of <literal>12</literal> will be used. This is a good
baseline cost, but it should be adjusted depending on hardware used.
</para>
</listitem>
</itemizedlist>
</para>
<simpara>
Supported options for <constant>PASSWORD_ARGON2I</constant>
and <constant>PASSWORD_ARGON2ID</constant>:
</simpara>
<para>
<itemizedlist>
<listitem>
<para>
<literal>memory_cost</literal> (<type>int</type>) - Maximum memory (in kibibytes) that may
be used to compute the Argon2 hash. Defaults to <constant>PASSWORD_ARGON2_DEFAULT_MEMORY_COST</constant>.
</para>
</listitem>
<listitem>
<para>
<literal>time_cost</literal> (<type>int</type>) - Maximum amount of time it may
take to compute the Argon2 hash. Defaults to <constant>PASSWORD_ARGON2_DEFAULT_TIME_COST</constant>.
</para>
</listitem>
<listitem>
<para>
<literal>threads</literal> (<type>int</type>) - Number of threads to use for computing
the Argon2 hash. Defaults to <constant>PASSWORD_ARGON2_DEFAULT_THREADS</constant>.
</para>
<warning>
<para>
Only available when PHP uses libargon2, not with libsodium implementation.
</para>
</warning>
</listitem>
</itemizedlist>
</para>
</refsect1>
<refsect1 role="parameters">
&reftitle.parameters;
<variablelist>
<varlistentry>
<term><parameter>password</parameter></term>
<listitem>
<para>
&password.parameter.password;
</para>
<caution>
<para>
Using the <constant>PASSWORD_BCRYPT</constant> as the
algorithm, will result
in the <parameter>password</parameter> parameter being truncated to a
maximum length of 72 bytes.
</para>
</caution>
</listitem>
</varlistentry>
<varlistentry>
<term><parameter>algo</parameter></term>
<listitem>
<para>
&password.parameter.algo;
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><parameter>options</parameter></term>
<listitem>
<para>
&password.parameter.options;
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 role="returnvalues">
&reftitle.returnvalues;
<para>
Returns the hashed password.
</para>
<para>
The used algorithm, cost and salt are returned as part of the hash. Therefore,
all information that's needed to verify the hash is included in it. This allows
the <function>password_verify</function> function to verify the hash without
needing separate storage for the salt or algorithm information.
</para>
</refsect1>
<refsect1 role="changelog">
&reftitle.changelog;
<para>
<informaltable>
<tgroup cols="2">
<thead>
<row>
<entry>&Version;</entry>
<entry>&Description;</entry>
</row>
</thead>
<tbody>
<row>
<entry>8.4.0</entry>
<entry>
The default value of the <literal>cost</literal> option of the
<constant>PASSWORD_BCRYPT</constant> algorithm was increased from
<literal>10</literal> to <literal>12</literal>.
</entry>
</row>
<row>
<entry>8.3.0</entry>
<entry>
<function>password_hash</function> now sets the underlying
<exceptionname>Random\RandomException</exceptionname> as the
<property>Exception::$previous</property> exception when a
<exceptionname>ValueError</exceptionname> is thrown due to a failure
in the salt generation.
</entry>
</row>
<row>
<entry>8.0.0</entry>
<entry>
<function>password_hash</function> no longer returns &false; on failure, instead a
<classname>ValueError</classname> will be thrown if the password hashing algorithm
is not valid, or an <classname>Error</classname> if the password hashing failed
for an unknown error.
</entry>
</row>
<row>
<entry>8.0.0</entry>
<entry>
The <parameter>algo</parameter> parameter is nullable now.
</entry>
</row>
<row>
<entry>7.4.0</entry>
<entry>
The <parameter>algo</parameter> parameter expects a &string; now, but still accepts
&integer;s for backward compatibility.
</entry>
</row>
<row>
<entry>7.4.0</entry>
<entry>
The sodium extension provides an alternative implementation for Argon2 passwords.
</entry>
</row>
<row>
<entry>7.3.0</entry>
<entry>
Support for Argon2id passwords using <constant>PASSWORD_ARGON2ID</constant> was added.
</entry>
</row>
<row>
<entry>7.2.0</entry>
<entry>
Support for Argon2i passwords using <constant>PASSWORD_ARGON2I</constant> was added.
</entry>
</row>
</tbody>
</tgroup>
</informaltable>
</para>
</refsect1>
<refsect1 role="examples">
&reftitle.examples;
<para>
<example>
<title><function>password_hash</function> example</title>
<programlisting role="php">
<![CDATA[
<?php
echo password_hash("rasmuslerdorf", PASSWORD_DEFAULT);
?>
]]>
</programlisting>
&example.outputs.similar;
<screen>
<![CDATA[
$2y$12$4Umg0rCJwMswRw/l.SwHvuQV01coP0eWmGzd61QH2RvAOMANUBGC.
]]>
</screen>
</example>
</para>
<para>
<example>
<title><function>password_hash</function> example setting cost manually</title>
<programlisting role="php">
<![CDATA[
<?php
$options = [
// Increase the bcrypt cost from 12 to 13.
'cost' => 13,
];
echo password_hash("rasmuslerdorf", PASSWORD_BCRYPT, $options);
?>
]]>
</programlisting>
&example.outputs.similar;
<screen>
<![CDATA[
$2y$13$xeDfQumlmdm0Sco.4qmH1OGfUUmOcuRmfae0dPJhjX1Bq0yYhqbNi
]]>
</screen>
</example>
</para>
<para>
<example>
<title><function>password_hash</function> example finding a good cost</title>
<simpara>
This code will benchmark the machine to determine how high of a cost can be used
without deteriorating user experience. It is recommended to set the highest cost
that does not slow down other operations the machine needs to perform. 11 is a
good baseline, and more is better if the machine is fast enough. The code below
aims for ≤ 350 milliseconds stretching time, which is an appropriate delay for
systems handling interactive logins.
</simpara>
<programlisting role="php">
<![CDATA[
<?php
$timeTarget = 0.350; // 350 milliseconds
$cost = 11;
do {
$cost++;
$start = microtime(true);
password_hash("test", PASSWORD_BCRYPT, ["cost" => $cost]);
$end = microtime(true);
} while (($end - $start) < $timeTarget);
echo "Appropriate Cost Found: " . $cost - 1;
?>
]]>
</programlisting>
&example.outputs.similar;
<screen>
<![CDATA[
Appropriate Cost Found: 13
]]>
</screen>
</example>
</para>
<para>
<example>
<title><function>password_hash</function> example using Argon2i</title>
<programlisting role="php">
<![CDATA[
<?php
echo 'Argon2i hash: ' . password_hash('rasmuslerdorf', PASSWORD_ARGON2I);
?>
]]>
</programlisting>
&example.outputs.similar;
<screen>
<![CDATA[
Argon2i hash: $argon2i$v=19$m=1024,t=2,p=2$YzJBSzV4TUhkMzc3d3laeg$zqU/1IN0/AogfP4cmSJI1vc8lpXRW9/S0sYY2i2jHT0
]]>
</screen>
</example>
</para>
</refsect1>
<refsect1 role="notes">
&reftitle.notes;
<caution>
<para>
It is strongly recommended not to provide an explicit salt for this function.
A secure salt will automatically be created if no salt is specified.
</para>
<para>
As noted above, providing the <literal>salt</literal> option in PHP 7.0.0
will generate a deprecation warning. Support for providing a salt explicitly
has been removed in PHP 8.0.0.
</para>
</caution>
<note>
<para>
It is recommended to test this function on the machine used, adjusting the cost parameter(s)
so that execution of the function takes less than 350 milliseconds for interactive logins.
The script in the above example will help choosing an appropriate bcrypt cost for the given
machine.
</para>
</note>
<note>
<simpara>
Updates to supported algorithms by this function (or changes to the default one) must follow
the following rules:
</simpara>
<para>
<itemizedlist>
<listitem>
<simpara>
Any new algorithm must be in core for at least 1 full release of PHP
prior to becoming default. So if, for example, a new algorithm is added
in 7.5.5, it would not be eligible for default until 7.7 (since 7.6
would be the first full release). But if a different algorithm was added
in 7.6.0, it would also be eligible for default at 7.7.0.
</simpara>
</listitem>
<listitem>
<simpara>
The default should only change in a full release (7.3.0, 8.0.0, etc)
and not in a revision release. The only exception to this is in an
emergency when a critical security flaw is found in the current
default.
</simpara>
</listitem>
</itemizedlist>
</para>
</note>
</refsect1>
<refsect1 role="seealso">
&reftitle.seealso;
<para>
<simplelist>
<member><function>password_verify</function></member>
<member><function>password_needs_rehash</function></member>
<member><function>crypt</function></member>
<member><function>sodium_crypto_pwhash_str</function></member>
</simplelist>
</para>
</refsect1>
</refentry>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:1
sgml-indent-data:t
indent-tabs-mode:nil
sgml-parent-document:nil
sgml-default-dtd-file:"~/.phpdoc/manual.ced"
sgml-exposed-tags:nil
sgml-local-catalogs:nil
sgml-local-ecat-files:nil
End:
vim600: syn=xml fen fdm=syntax fdl=2 si
vim: et tw=78 syn=sgml
vi: ts=1 sw=1
-->