How can password_verify validate passwords without knowing salt and cost?

后端 未结 1 2087
别跟我提以往
别跟我提以往 2021-02-13 15:30

The function password_verify() in the new PHP password API checks if the password corresponds to the hash. The hash is generated by password_hash(), that by default uses a rando

相关标签:
1条回答
  • 2021-02-13 16:10

    The string returned by password_hash() contains not only the hash, but also the algorithm, cost and salt.

    0 讨论(0)
提交回复
热议问题