Searching for hash, I noticed that the second parameter of the password_hash function has two options, PASSWORD_DEFAULT and PASSWORD_BCRYPT.
- Exactly which of the two should I give preference to use?
It should probably be PASSWORD_DEFAULT? Well in the documentation, both are explained and said that:
PASSWORD_DEFAULT - Use the bcrypt algorithm (default as of PHP 5.5.0). Note that this constant is designed to change over time as new and stronger algorithms are added to PHP. For that reason, the length of the result from using this identifier can change over time. Therefore, it is recommended to store the result in a database that can expand beyond 60 characters (255 characters would be a good choice).
PASSWORD_BCRYPT - Use the CRYPT_BLOWFISH algorithm to create the hash. This will produce a standard crypt() compatible hash using the "$2y$" identifier. The result will always be a 60 character string, or FALSE on failure.
So with this quote you can assume that Bcrypt and Crypt_Blowfish are different patterns, exactly
- What would be the difference between them?
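
An added example (not part of the original question or of the PHP manual): it hashes one constructed password with both constants and prints what password_get_info() reports for each hash. It then goes one step beyond the quoted text and shows a rehash-on-login pattern for a constant that is "designed to change over time". The verify_and_upgrade() helper and the sample password are assumptions made for illustration.

```php
<?php
// Added example: the password and the helper below are constructed for illustration.
$password = 'correct horse battery staple'; // constructed sample input

$hashes = [
    'PASSWORD_DEFAULT' => password_hash($password, PASSWORD_DEFAULT),
    'PASSWORD_BCRYPT'  => password_hash($password, PASSWORD_BCRYPT),
];

foreach ($hashes as $name => $hash) {
    $info = password_get_info($hash);
    // The leading "$..$" is the crypt() scheme identifier stored in the hash;
    // algoName is the algorithm PHP detects from that identifier.
    printf("%-16s prefix=%s algoName=%s length=%d\n",
        $name, substr($hash, 0, 4), $info['algoName'], strlen($hash));
}

/**
 * Hypothetical login helper: verify the password, then report whether the
 * stored hash should be replaced because PASSWORD_DEFAULT (algorithm or
 * default cost) no longer matches the parameters it was created with.
 * Returns [bool $ok, ?string $newHash]; the caller persists $newHash.
 */
function verify_and_upgrade(string $password, string $storedHash): array
{
    if (!password_verify($password, $storedHash)) {
        return [false, null];
    }
    if (password_needs_rehash($storedHash, PASSWORD_DEFAULT)) {
        return [true, password_hash($password, PASSWORD_DEFAULT)];
    }
    return [true, null];
}

// Simulate a hash stored under weaker parameters: bcrypt at its minimum cost.
$old = password_hash($password, PASSWORD_BCRYPT, ['cost' => 4]);
[$ok, $new] = verify_and_upgrade($password, $old);

printf("verified=%s upgraded=%s\n", var_export($ok, true), var_export($new !== null, true));
if ($new !== null) {
    // The replacement hash is what would be written back to the 255-character column.
    printf("old cost=%d new cost=%d\n",
        password_get_info($old)['options']['cost'],
        password_get_info($new)['options']['cost']);
}
```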