Docs for page password.php

Description

A Compatibility library with PHP 5.5's simplified password hashing API.

Constants

PASSWORD_BCRYPT = 1 (line 56)

PASSWORD_DEFAULT = PASSWORD_BCRYPT (line 57)

Functions

can_use_password_API (line 18)

function to check if the password API can be used In some PHP version ( <5.3.7), crypt() with blowfish is vulnerable.

But this issue has been fixed on some older PHP version (php 5.3.3 for most of them) in some distro, like Debian squeeze.

void can_use_password_API ()

password_get_info (line 197)

Get information about the password hash. Returns an array of the information that was used to generate the password hash.

array( 'algo' => 1, 'algoName' => 'bcrypt', 'options' => array( 'cost' => 10, ), )

array password_get_info (string $hash)

password_hash (line 68)

Hash the password using the specified algorithm

string|false password_hash (string $password, int $algo, [ $options = array()])

password_needs_rehash (line 223)

Determine if the password hash needs to be rehashed according to the options provided

If the answer is true, after validating the password using password_verify, rehash it.

boolean password_needs_rehash (string $hash, int $algo, [ $options = array()])

password_verify (line 247)

Verify a password against a hash using a timing attack resistant approach

boolean password_verify (string $password, string $hash)

/auth/password.php