Jump to content
Search In
  • More options...
Find results that contain...
Find results in...

PHP - What password hash is this?

I've got this PHP code to generate a password hash,

$hash = password_hash($input_password, PASSWORD_DEFAULT, ['cost' => 10]);

But I'm having troubles finding what type of password hash is used. I've tried googling it but without finding what it is (might just be me using bad search terms).

I'm assuming it's not MD5 or SHA1 since that's not considered safe anymore but I want to be sure and I want to know what's actually being used, so if anyone could tell me (and preferably link to a source that tells me what's being used), I would really appreciate that!

 

Thanks!

Spoiler

System:

i5 3570k @ 4.4 GHz, MSI Z77A-G43, Dominator Platinum 1600MHz 16GB (2x8GB), EVGA GTX 980ti 6GB, CM HAF XM, Samsung 850 Pro 256GB + Some WD Red HDD, Corsair RM850 80+ Gold, Asus Xonar Essence STX, Windows 10 Pro 64bit

PCPP:

http://pcpartpicker.com/p/znZqcf

 

Link to post
Share on other sites
Quote

PASSWORD_DEFAULT - Use the bcrypt algorithm (default as of PHP 5.5.0). Note that this constant is designed to change over time as new and stronger algorithms are added to PHP. For that reason, the length of the result from using this identifier can change over time. Therefore, it is recommended to store the result in a database column that can expand beyond 60 characters (255 characters would be a good choice).

Always check PHP docs. http://php.net/manual/en/function.password-hash.php

Link to post
Share on other sites
Quote

PASSWORD_DEFAULT - Use the bcrypt algorithm (default as of PHP 5.5.0). Note that this constant is designed to change over time as new and stronger algorithms are added to PHP. For that reason, the length of the result from using this identifier can change over time. Therefore, it is recommended to store the result in a database column that can expand beyond 60 characters (255 characters would be a good choice).

Oh, @Mr_KoKa beat me to it.

i5 4670k @ 4.2GHz (Coolermaster Hyper 212 Evo); ASrock Z87 EXTREME4; 8GB Kingston HyperX Beast DDR3 RAM @ 2133MHz; Asus DirectCU GTX 560; Super Flower Golden King 550 Platinum PSU;1TB Seagate Barracuda;Corsair 200r case. 

Link to post
Share on other sites
1 minute ago, Mr_KoKa said:

 

I found that, but I didn't think bcrypt was an hashing "type", just an algorithm generating it. So is bcrypt similar to what sha1/sha256 is (but better/safer)?

Spoiler

System:

i5 3570k @ 4.4 GHz, MSI Z77A-G43, Dominator Platinum 1600MHz 16GB (2x8GB), EVGA GTX 980ti 6GB, CM HAF XM, Samsung 850 Pro 256GB + Some WD Red HDD, Corsair RM850 80+ Gold, Asus Xonar Essence STX, Windows 10 Pro 64bit

PCPP:

http://pcpartpicker.com/p/znZqcf

 

Link to post
Share on other sites
17 minutes ago, lubblig said:

I found that, but I didn't think bcrypt was an hashing "type", just an algorithm generating it. So is bcrypt similar to what sha1/sha256 is (but better/safer)?

Hashing "types" as you call them are just different algorithms.

 

I would say bcrypt is on par with SHA2 families as unlike SHA which is hash based, bcrypt uses Blowfish which uses a cipher. You can also change how many iterations bcrypt will go through before outputting the final hash up to a total of 31 iterations which is exponential. 14 iterations is similar to SHA-256 so being able to increase the algorithm exponentially helps deal with the exponential growth of computer processing speeds.

[Out-of-date] Want to learn how to make your own custom Windows 10 image?

 

Desktop: AMD R9 3900X | ASUS ROG Strix X570-F | Radeon RX 5700 XT | EVGA GTX 1080 SC | 32GB Trident Z Neo 3600MHz | 1TB 970 EVO | 256GB 840 EVO | 960GB Corsair Force LE | EVGA G2 850W | Phanteks P400S

Laptop: Intel M-5Y10c | Intel HD Graphics | 8GB RAM | 250GB Micron SSD | Asus UX305FA

Server 01: Intel Xeon D 1541 | ASRock Rack D1541D4I-2L2T | 32GB Hynix ECC DDR4 | 4x8TB Western Digital HDDs | 32TB Raw 16TB Usable

Server 02: Intel i7 7700K | Gigabye Z170N Gaming5 | 16GB Trident Z 3200MHz

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Newegg

×