class BCryptHashingStrategy implements PasswordHashingStrategyInterface (View source)

Hashing passwords using BCrypt

Properties

protected int $cost

Number of rounds to use with BCrypt for hashing passwords, must be between 4 and 31

Methods

__construct(int $cost)

Construct a PBKDF2 hashing strategy with the given parameters

string
hashPassword(string $password, string $staticSalt = null)

Creates a BCrypt hash

bool
validatePassword(string $password, string $hashedPasswordAndSalt, string $staticSalt = null)

Validate a password against a derived key (hashed password) and salt using BCrypt

Details

__construct(int $cost)

Construct a PBKDF2 hashing strategy with the given parameters

Parameters

int $cost

Exceptions

InvalidArgumentException

string hashPassword(string $password, string $staticSalt = null)

Creates a BCrypt hash

Parameters

string $password

Cleartext password that will be hashed

string $staticSalt

Optional static salt that will not be stored in the hashed password

Return Value

string

The hashed password with dynamic salt (if used)

bool validatePassword(string $password, string $hashedPasswordAndSalt, string $staticSalt = null)

Validate a password against a derived key (hashed password) and salt using BCrypt

Passwords hashed with a different cost can be validated by using the cost parameter of the hashed password and salt.

Parameters

string $password
string $hashedPasswordAndSalt

Hashed password with dynamic salt (if used)

string $staticSalt

Optional static salt that will not be stored in the hashed password

Return Value

bool

true if the given cleartext password matched the hashed password