<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title>Predefined Constants</title>
</head>
<body><div class="manualnavbar" style="text-align: center;">
<div class="prev" style="text-align: left; float: left;"><a href="password.resources.html">Resource Types</a></div>
<div class="next" style="text-align: right; float: right;"><a href="ref.password.html">Password Hashing Functions</a></div>
<div class="up"><a href="book.password.html">Password Hashing</a></div>
<div class="home"><a href="index.html">PHP Manual</a></div>
</div><hr /><div id="password.constants" class="appendix">
<h1>Predefined Constants</h1>
<p class="simpara">
The constants below are always available as part of the PHP core.
</p>
<p class="para">
<dl>
<dt id="constant.password-bcrypt">
<span class="term">
<strong><code>PASSWORD_BCRYPT</code></strong>
(<span class="type"><a href="language.types.integer.html" class="type integer">integer</a></span>)
</span>
<dd>
<p class="para">
<strong><code>PASSWORD_BCRYPT</code></strong> is used to create new password
hashes using the <strong><code>CRYPT_BLOWFISH</code></strong> algorithm.
</p>
<p class="para">
This will always result in a hash using the "$2y$" crypt format,
which is always 60 characters wide.
</p>
<p class="para">
Supported Options:
</p>
<ul class="itemizedlist">
<li class="listitem">
<p class="para">
<em>salt</em> - to manually provide a salt to use when hashing the password.
Note that this will override and prevent a salt from being automatically generated.
</p>
<p class="para">
If omitted, a random salt will be generated by <span class="function"><a href="function.password-hash.html" class="function">password_hash()</a></span> for
each password hashed. This is the intended mode of operation.
</p>
</li>
<li class="listitem">
<p class="para">
<em>cost</em> - which denotes the algorithmic cost that should be used.
Examples of these values can be found on the <span class="function"><a href="function.crypt.html" class="function">crypt()</a></span> page.
</p>
<p class="para">
If ommitted, a default value of <em>10</em> will be used. This is a good
baseline cost, but you may want to consider increasing it depending on your hardware.
</p>
</li>
</ul>
</dd>
</dt>
<dt id="constant.password-default">
<span class="term">
<strong><code>PASSWORD_DEFAULT</code></strong>
(<span class="type"><a href="language.types.integer.html" class="type integer">integer</a></span>)
</span>
<dd>
<p class="para">
The default algorithm to use for hashing if no algorithm is provided.
This may change in newer PHP releases when newer, stronger hashing
algorithms are supported.
</p>
<p class="para">
It is worth noting that over time this constant can (and likely will)
change. Therefore you should be aware that the length of the resulting
hash can change. Therefore, if you use <strong><code>PASSWORD_DEFAULT</code></strong>
you should store the resulting hash in a way that can store more than 60
characters (255 is the recomended width).
</p>
<p class="para">
Values for this constant:
</p>
<ul class="itemizedlist">
<li class="listitem">
<span class="simpara">
PHP 5.5.0 - <strong><code>PASSWORD_BCRYPT</code></strong>
</span>
</li>
</ul>
</dd>
</dt>
</dl>
</p>
</div>
<hr /><div class="manualnavbar" style="text-align: center;">
<div class="prev" style="text-align: left; float: left;"><a href="password.resources.html">Resource Types</a></div>
<div class="next" style="text-align: right; float: right;"><a href="ref.password.html">Password Hashing Functions</a></div>
<div class="up"><a href="book.password.html">Password Hashing</a></div>
<div class="home"><a href="index.html">PHP Manual</a></div>
</div></body></html>
