sodium_crypto_pwhash_str
(PHP 7 >= 7.2.0)
sodium_crypto_pwhash_str — Get an ASCII-encoded hash
Description
sodium_crypto_pwhash_str ( string $password , int $opslimit , int $memlimit ) : string
Uses a CPU- and memory-hard hash algorithm along with a randomly-generated salt, and memory and CPU limits to generate an ASCII-encoded hash suitable for password storage.
Parameters
- password
  string; The password to generate a hash for.
- opslimit
  Represents a maximum amount of computations to perform. Raising this number will make the function require more CPU cycles to compute a key. There are constants available to set the operations limit to appropriate values depending on intended use, in order of strength: SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_OPSLIMIT_MODERATE and SODIUM_CRYPTO_PWHASH_OPSLIMIT_SENSITIVE.
- memlimit
  The maximum amount of RAM that the function will use, in bytes. There are constants to help you choose an appropriate value, in order of size: SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_MODERATE, and SODIUM_CRYPTO_PWHASH_MEMLIMIT_SENSITIVE. Typically these should be paired with the matching opslimit values.
Return Values
Returns the hashed password, or FALSE on failure.
In order to produce the same password hash from the same password, the same values for opslimit and memlimit must be used. These are embedded within the generated hash, so everything that's needed to verify the hash is included. This allows the sodium_crypto_pwhash_str_verify() function to verify the hash without needing separate storage for the other parameters.
Notes
Note:
Hashes are calculated using the Argon2ID algorithm, providing resistance to both GPU and side-channel attacks. In contrast to the password_hash() function, there is no salt parameter (a salt is generated automatically), and the opslimit and memlimit parameters are not optional.
Examples
Example #1 sodium_crypto_pwhash_str() example
<?php
$password = 'password';
echo sodium_crypto_pwhash_str(
    $password,
    SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
    SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
);
The above example will output something similar to:
$argon2id$v=19$m=65536,t=2,p=1$oWIfdaXwWwhVmovOBc2NAQ$EbsZ+JnZyyavkafS0hoc4HdaOB0ILWZESAZ7kVGa+Iw
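Added example (not part of the PHP manual page): a store-and-verify flow showing that the limits travel inside the hash string, that the random salt makes two hashes of one password differ, and how a stored hash is upgraded when the cost policy is raised. The names hashPassword() and checkLogin() and the sample passwords are hypothetical; sodium_crypto_pwhash_str_needs_rehash() is a companion function of the same extension that this page does not list.

```php
<?php
// Added example: store-and-verify flow around sodium_crypto_pwhash_str().
// hashPassword(), checkLogin() and the sample passwords are hypothetical.

function hashPassword(string $password, int $ops, int $mem): string
{
    $hash = sodium_crypto_pwhash_str($password, $ops, $mem);
    if ($hash === false) { // failure value documented on this page
        throw new RuntimeException('password hashing failed');
    }
    return $hash;
}

// Returns [verified, replacementHash]; replacementHash is null unless the
// stored hash was created with limits other than the current policy.
function checkLogin(string $password, string $stored, int $ops, int $mem): array
{
    // No limits are passed to verify: it reads m= and t= from $stored itself.
    if (!sodium_crypto_pwhash_str_verify($stored, $password)) {
        return [false, null];
    }
    $replacement = sodium_crypto_pwhash_str_needs_rehash($stored, $ops, $mem)
        ? hashPassword($password, $ops, $mem)
        : null;
    return [true, $replacement];
}

$password = 'correct horse battery staple'; // constructed sample input
$opsOld = SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE;
$memOld = SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE;
$opsNew = SODIUM_CRYPTO_PWHASH_OPSLIMIT_MODERATE;
$memNew = SODIUM_CRYPTO_PWHASH_MEMLIMIT_MODERATE;

// Account created while the policy was INTERACTIVE.
$stored = hashPassword($password, $opsOld, $memOld);

// Each call draws a fresh random salt, so a second hash of the same password
// is a different string: compare with the verify function, never with ===.
$second = hashPassword($password, $opsOld, $memOld);
var_dump(hash_equals($stored, $second));

// Policy raised to MODERATE: a successful login hands back a replacement
// hash to write over the old one; a failed login hands back nothing.
[$ok, $replacement] = checkLogin($password, $stored, $opsNew, $memNew);
var_dump($ok, $replacement !== null);
var_dump(checkLogin('wrong guess', $stored, $opsNew, $memNew)[0]);
```

Rehashing can only happen at login time, because that is the only moment the plaintext password is available to the server.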
See Also
- sodium_crypto_pwhash_str_verify() - Verifies that a password matches a hash
- sodium_crypto_pwhash() - Derive a key from a password
- password_hash() - Creates a password hash
- password_verify() - Verifies that a password matches a hash
- Libsodium Argon2 docs
Document created the 30/01/2003, last modified the 26/10/2018
Source of the printed document: https://www.gaudry.be/en/php-rf-sodium-crypto-pwhash-str.html
The infobrol is a personal site whose content is my sole responsibility. The text is available under CreativeCommons license (BY-NC-SA). More info on the terms of use and the author.