Password Hashing Functions
suggest changeVersions
[{“Name”:“5.5”,“GroupName”:“PHP 5.x”},{“Name”:“5.6”,“GroupName”:“PHP 5.x”},{“Name”:“7.0”,“GroupName”:“PHP 7.x”},{“Name”:“7.1”,“GroupName”:“PHP 7.x”}]
Introduction
As more secure web services avoid storing passwords in plain text format, languages such as PHP provide various (undecryptable) hash functions to support the more secure industry standard. This topic provides documentation for proper hashing with PHP.
Syntax
string password_hash ( string $password , integer $algo [, array $options ] )
boolean password_verify ( string $password , string $hash )
boolean password_needs_rehash ( string $hash , integer $algo [, array $options ] )
array password_get_info ( string $hash )
Remarks
Prior to PHP 5.5, you may use the compatibility pack to provide the password_*
functions. It is highly recommended that you use the compatibility pack if you are able to do so.
With or without the compatibility pack, correct Bcrypt functionality through crypt()
relies on PHP 5.3.7+ otherwise you must restrict passwords to ASCII-only character sets.
Note: If you use PHP 5.5 or below you’re using an unsupported version of PHP which does not receive any security updates anymore. Update as soon as possible, you can update your password hashes afterwards.
Algorithm Selection
Secure algorithms
- bcrypt is your best option as long as you use key stretching to increase hash calculation time, since it makes brute force attacks extremely slow.
- argon2 is another option which will be available in PHP 7.2.
Insecure algorithms
The following hashing algorithms are insecure or unfit for purpose and therefore should not be used. They were never suited for password hashing, as they’re designed for fast digests instead of slow and hard to brute force password hashes.
If you use any of them, even including salts, you should switch to one of the recommended secure algorithms as soon as possible.
Algorithms considered insecure:
- MD4 - collision attack found in 1995
- MD5 - collision attack found in 2005
- SHA-1 - collision attack demonstrated in 2015
Some algorithms can be safely used as message digest algorithm to prove authenticity, but never as password hashing algorithm:
- SHA-2
- SHA-3
Note, strong hashes such as SHA256 and SHA512 are unbroken and robust, however it is generally more secure to use bcrypt or argon2 hash functions as brute force attacks against these algorithms are much more difficult for classical computers.