1. class
  2. Neos
  3. \
  4. Flow
  5. \
  6. Security
  7. \
  8. Cryptography
  9. \
  10. BCryptHashingStrategy

BCryptHashingStrategy

class BCryptHashingStrategy implements PasswordHashingStrategyInterface (View source)

Hashing passwords using BCrypt

Properties

protected $cost

Number of rounds to use with BCrypt for hashing passwords, must be between 4 and 31

Methods

__construct(int $cost)

Construct a BCrypt hashing strategy with the given parameters

string
hashPassword(string $password, string|null $staticSalt = null)

Creates a BCrypt hash

bool
validatePassword(string $password, string $hashedPasswordAndSalt, string|null $staticSalt = null)

Validate a password against a derived key (hashed password) and salt using BCrypt

Details

at line 32
__construct(int $cost)

Construct a BCrypt hashing strategy with the given parameters

Parameters

int $cost

Exceptions

InvalidArgumentException

at line 48
string hashPassword(string $password, string|null $staticSalt = null)

Creates a BCrypt hash

Parameters

string $password

Cleartext password that will be hashed
string|null $staticSalt

Optional static salt that will not be stored in the hashed password

Return Value

string

The hashed password with dynamic salt (if used)

at line 64
bool validatePassword(string $password, string $hashedPasswordAndSalt, string|null $staticSalt = null)

Validate a password against a derived key (hashed password) and salt using BCrypt

Passwords hashed with a different cost can be validated by using the cost parameter of the hashed password and salt.

Parameters

string $password
string $hashedPasswordAndSalt

Hashed password with dynamic salt (if used)
string|null $staticSalt

Optional static salt that will not be stored in the hashed password

Return Value

bool

true if the given cleartext password matched the hashed password