PHP password_hash() cost calculator
| <?php | |
| /** | |
| * Password Hash Cost Calculator | |
| * | |
| * Set the ideal time that you want a password_hash() call to take and this | |
| * script will keep testing until it finds the ideal cost value and let you | |
| * know what to set it to when it has finished | |
| */ | |
| // Milliseconds that a hash should take (ideally) | |
| $mSec = 100; | |
| $password = 'MyT3ST_P4$$w0rD'; | |
| echo "\nPassword Hash Cost Calculator\n\n"; | |
| echo "Testing BCRYPT hashing the password '$password'\n\n"; | |
| echo "We're going to run until the time to generate the hash takes longer than {$mSec}ms\n"; | |
| $cost = 3; | |
| do { | |
| $cost++; | |
| echo "\nTesting cost value of $cost: "; | |
| $time = benchmark($password, $cost); | |
| echo "... took $time"; | |
| } while ($time < ($mSec/1000)); | |
| echo "\n\nIdeal cost is $cost\n"; | |
| echo "\nRunning 100 times to check the average:\n"; | |
| $start = microtime(true); | |
| $times = []; | |
| for ($i=1;$i<=100;$i++) { | |
| echo "\r$i/100"; | |
| $times[] = benchmark($password, $cost); | |
| } | |
| echo "\n\ndone benchmarking in ".(microtime(true)-$start)."\n"; | |
| echo "\nSlowest time: ".max($times); | |
| echo "\nFastest time: ".min($times); | |
| echo "\nAverage time: ".(array_sum($times)/count($times)); | |
| echo "\n\nFinished\n"; | |
| function benchmark($password, $cost=4) | |
| { | |
| $start = microtime(true); | |
| password_hash($password, PASSWORD_BCRYPT, ['cost'=>$cost]); | |
| return microtime(true) - $start; | |
| } |
This comment has been minimized.
This comment has been minimized.
|
Dang, great simple tool! This was so helpful |
This comment has been minimized.
This comment has been minimized.
|
Thanks really helpful ! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This comment has been minimized.
Example result: