strcmp vs. == vs. === in PHP for checking hash equality

Question

I\'m using crypt() to hash passwords in PHP, and am trying to work out the safest way of testing equality of the resulting hash when performing password checks.

Answer 1

You should be using the hash_equals() function that is built into PHP. There would be no need to make your own function. The hash_equals() will return a boolean value.

In my opinion it is usually NOT a good idea to use == or === for comparing strings let alone hashed strings.