php5 password_needs_rehash()

Udemy Generic 728x90

(PHP 5 >= 5.5.0)


Since PHP5 keep changing its default configuration and features, in that case we can use this function, to check whether the hash we generate before by using password_hash() is still have the best configuration or we need to rehash.

Whenever there’s a better algorithm than bcrypt, and PHP’s default one switches to it, this function will allow you to update your user’s passwords if they’re using outdated standards

We can also use it to update the cost, if for example, at some point you have better server hardware that allows a higher cost to calculate the hash. Or we can also use it to improve security by adding a stronger salt or larger cost parameter.

Returns TRUE if the hash should be rehashed to match the given algo and options, or FALSE otherwise.



boolean password_needs_rehash ( string $hash , integer $algo , array $options )

  • $hash
  • $algo
    • A algo const denoting the algorithm to use when hashing the password.
  • $option
    • An associative array containing options.



<p>if(password_needs_rehash($hash, PASSWORD_DEFAULT,['cost'=&gt;12])) {</p>
<p>// the password needs to be rehashed as it was not generated with</p>
<p>// the current default algorithm or not created with the cost</p>
<p>// parameter 12</p>
<p>$hash = password_hash($password, PASSWORD_DEFAULT,['cost'=&gt;12]);</p>
<p>// don't forget to store the new hash!</p>

Udemy Generic 728x90

Spread the word. Share this post!

  • Dev Brat Rai

    Good Tutorial

  • Rizqy Afinnudin Mazid

    overview db master : hehe