Jani Hartikainen jhartikainen
dzuelke
/ bcrypt.php
Last active
March 28, 2023 13:15
How to use bcrypt in PHP to safely store passwords (PHP 5.3+ only)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| // secure hashing of passwords using bcrypt, needs PHP 5.3+ | |
| // see http://codahale.com/how-to-safely-store-a-password/ | |
| // salt for bcrypt needs to be 22 base64 characters (but just [./0-9A-Za-z]), see http://php.net/crypt | |
| $salt = substr(strtr(base64_encode(openssl_random_pseudo_bytes(22)), '+', '.'), 0, 22); | |
| // 2y is the bcrypt algorithm selector, see http://php.net/crypt | |
| // 12 is the workload factor (around 300ms on my Core i7 machine), see http://php.net/crypt |