The password_hash
function looks like a wrapper that adds a high-level layer to the crypt
function, since it has a default setting that could be done with crypt
manually.
The same thing happens with the password_verify
function, which seems equivalent to this:
function password_verify($password, $passwordHash)
{
return (crypt($password, $passwordHash) === $passwordHash);
}
I'm curious as to whether wrappers are added to crypt
in the latest version of PHP.
OBS: I know the above code is insecure because it is vulnerable to timming attack, but it is just a way to try to illustrate the idea. The point is whether it's a wrapper or not. Therefore, security is not the focus of this question.
Thanks in advance.