PASSWORD_DEFAULT vs PASSWORD_BCRYPT

php bcrypt blowfish php-password-hash
rexhin picture rexhin · Mar 14, 2014 · Viewed 20.1k times · Source

What is the difference between PASSWORD_DEFAULT and PASSWORD_BCRYPT? Do they both use Blowfish encryption algorithm? What is cost in an algorithm? How to set up password_hash in PHP produce a 255-hash length instead of 60?

Answer

Mark Baker picture Mark Baker · Mar 14, 2014

Currently PASSWORD_BCRYPT is the only algorithm supported (using CRYPT_BLWFISH), therefore there is currently no difference between PASSWORD_DEFAULT and PASSWORD_BCRYPT. The purpose of PASSWORD_DEFAULT is to allow for the inclusion of additional algorithms in the future, whereupon PASSWORD_DEFAULT will always be used to apply the strongest supported hashing algorithm.

Cost is related to the number of iterations of the algorithm that are executed, and affects the speed of calculation as well as the hash value generated. Higher costs take longer to execute, slowing brute force attacks

Related questions

How do you use bcrypt for hashing passwords in PHP?

Every now and then I hear the advice "Use bcrypt for storing passwords in PHP, bcrypt rules". But what is bcrypt? PHP doesn't offer any such functions, Wikipedia babbles about a file-encryption utility and Web searches just reveal a few …

Read More
Comparing passwords with crypt() in PHP

I need to get the basics of this function. The php.net documentation states, for the blowfish algorithm, that: Blowfish hashing with a salt as follows: "$2a$", a two digit cost parameter, "$", and 22 base 64 digits from the alphabet "./0-9A-Za-z". …

Read More
Bcrypt vs Hash in laravel

I want to create a function or something like a Cron that executes a link (in Laravel), with something like a password. I've got two solutions. But which one is better to use: Option 1 (hash): <?php // Page 1 $salt = "my-random-hash"; $…

Read More