PHP.nl

sodium_crypto_pwhash_str

sodium_crypto_pwhash_str

Get an ASCII-encoded hash

string **sodium_crypto_pwhash_str** string $password int $opslimit int $memlimit

Uses a CPU- and memory-hard hash algorithm along with a randomly-generated salt, and memory and CPU limits to generate an ASCII-encoded hash suitable for password storage.

password ; The password to generate a hash for. string

opslimit Represents a maximum amount of computations to perform. Raising this number will make the function require more CPU cycles to compute a key. There are constants available to set the operations limit to appropriate values depending on intended use, in order of strength: , and . SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE``SODIUM_CRYPTO_PWHASH_OPSLIMIT_MODERATE``SODIUM_CRYPTO_PWHASH_OPSLIMIT_SENSITIVE

memlimit The maximum amount of RAM that the function will use, in bytes. There are constants to help you choose an appropriate value, in order of size: , , and . Typically these should be paired with the matching opslimit values. SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE``SODIUM_CRYPTO_PWHASH_MEMLIMIT_MODERATE``SODIUM_CRYPTO_PWHASH_MEMLIMIT_SENSITIVE

Returns the hashed password.

In order to produce the same password hash from the same password, the same values for and must be used. These are embedded within the generated hash, so everything that's needed to verify the hash is included. This allows the function to verify the hash without needing separate storage for the other parameters. opslimit``memlimit``sodium_crypto_pwhash_str_verify

Voorbeeld: example

<?php
$password = 'password';
echo sodium_crypto_pwhash_str(
    $password,
    SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
    SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
);

$argon2id$v=19$m=65536,t=2,p=1$oWIfdaXwWwhVmovOBc2NAQ$EbsZ+JnZyyavkafS0hoc4HdaOB0ILWZESAZ7kVGa+Iw

Opmerking: > Hashes are calculated using the Argon2ID algorithm, providing resistance to both GPU and side-channel attacks. In contrast to the function, there is no salt parameter (a salt is generated automatically), and the and parameters are not optional. password_hash``opslimit``memlimit

sodium_crypto_pwhash_str_verify``sodium_crypto_pwhash``password_hash``password_verifyLibsodium Argon2 docs

Vorige ← sodium_crypto_pwhash_str_verify Volgende sodium_crypto_pwhash →

Documentatie