What is the difference between PASSWORD_DEFAULT and PASSWORD_BCRYPT? Do they both use Blowfish encryption algorithm? What is cost in an algorithm? How to set up password_hash in PHP produce a 255-hash length instead of 60?
Currently PASSWORD_BCRYPT
is the only algorithm supported (using CRYPT_BLWFISH), therefore there is currently no difference between PASSWORD_DEFAULT
and PASSWORD_BCRYPT
. The purpose of PASSWORD_DEFAULT
is to allow for the inclusion of additional algorithms in the future, whereupon PASSWORD_DEFAULT
will always be used to apply the strongest supported hashing algorithm.
Cost is related to the number of iterations of the algorithm that are executed, and affects the speed of calculation as well as the hash value generated. Higher costs take longer to execute, slowing brute force attacks