Setting a salt for password_hash()
Question
I'm creating a mass user import script in PHP for owncloud . I read the users from a CSV file, then I'll add them to the owncloud database . I'm having an issue with the passwords though. To my knowledge, owncloud uses password_hash() with BCRYPT . I have the passwordsalt , but I'm not sure how to use that salt with password_hash() .
Any help there guys?
2 answers
solution1
1 ACCPTED 2016-01-07 18:48:58
Use salt in the option array like this
password_hash("rasmuslerdorf", PASSWORD_BCRYPT, array("cost" => 7, "salt" => "thisisyoursalt"));
But using your own salt is not a good idea. Let password_hash() create a salt for your password. password_hash() will create different salt for every password. It will increase your password security strength.
solution2
0 2016-01-13 15:11:15
If the hashes are produced by password_hash() or crypt() , then the salt is included in the resulting hash value. To check a password against this hash, you can use the function password_verify() , this function extracts the salt and other parameters automatically.
// Check if the hash of the entered login password, matches the stored hash.
// The salt and the cost factor will be extracted from $existingHashFromDb.
$isPasswordCorrect = password_verify($password, $existingHashFromDb);
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.