<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <title>Predefined Constants</title> </head> <body><div class="manualnavbar" style="text-align: center;"> <div class="prev" style="text-align: left; float: left;"><a href="password.resources.html">Resource Types</a></div> <div class="next" style="text-align: right; float: right;"><a href="ref.password.html">Password Hashing Functions</a></div> <div class="up"><a href="book.password.html">Password Hashing</a></div> <div class="home"><a href="index.html">PHP Manual</a></div> </div><hr /><div id="password.constants" class="appendix"> <h1>Predefined Constants</h1> <p class="simpara"> The constants below are always available as part of the PHP core. </p> <p class="para"> <dl> <dt id="constant.password-bcrypt"> <span class="term"> <strong><code>PASSWORD_BCRYPT</code></strong> (<span class="type"><a href="language.types.integer.html" class="type integer">integer</a></span>) </span> <dd> <p class="para"> <strong><code>PASSWORD_BCRYPT</code></strong> is used to create new password hashes using the <strong><code>CRYPT_BLOWFISH</code></strong> algorithm. </p> <p class="para"> This will always result in a hash using the "$2y$" crypt format, which is always 60 characters wide. </p> <p class="para"> Supported Options: </p> <ul class="itemizedlist"> <li class="listitem"> <p class="para"> <em>salt</em> - to manually provide a salt to use when hashing the password. Note that this will override and prevent a salt from being automatically generated. </p> <p class="para"> If omitted, a random salt will be generated by <span class="function"><a href="function.password-hash.html" class="function">password_hash()</a></span> for each password hashed. This is the intended mode of operation. </p> </li> <li class="listitem"> <p class="para"> <em>cost</em> - which denotes the algorithmic cost that should be used. Examples of these values can be found on the <span class="function"><a href="function.crypt.html" class="function">crypt()</a></span> page. </p> <p class="para"> If ommitted, a default value of <em>10</em> will be used. This is a good baseline cost, but you may want to consider increasing it depending on your hardware. </p> </li> </ul> </dd> </dt> <dt id="constant.password-default"> <span class="term"> <strong><code>PASSWORD_DEFAULT</code></strong> (<span class="type"><a href="language.types.integer.html" class="type integer">integer</a></span>) </span> <dd> <p class="para"> The default algorithm to use for hashing if no algorithm is provided. This may change in newer PHP releases when newer, stronger hashing algorithms are supported. </p> <p class="para"> It is worth noting that over time this constant can (and likely will) change. Therefore you should be aware that the length of the resulting hash can change. Therefore, if you use <strong><code>PASSWORD_DEFAULT</code></strong> you should store the resulting hash in a way that can store more than 60 characters (255 is the recomended width). </p> <p class="para"> Values for this constant: </p> <ul class="itemizedlist"> <li class="listitem"> <span class="simpara"> PHP 5.5.0 - <strong><code>PASSWORD_BCRYPT</code></strong> </span> </li> </ul> </dd> </dt> </dl> </p> </div> <hr /><div class="manualnavbar" style="text-align: center;"> <div class="prev" style="text-align: left; float: left;"><a href="password.resources.html">Resource Types</a></div> <div class="next" style="text-align: right; float: right;"><a href="ref.password.html">Password Hashing Functions</a></div> <div class="up"><a href="book.password.html">Password Hashing</a></div> <div class="home"><a href="index.html">PHP Manual</a></div> </div></body></html>