Hashing
Introduction
The Dreamfork Hash facade provides secure Bcrypt hashing for storing user passwords.
Bcrypt is an excellent choice for password hashing due to its adjustable "work factor." This means that the time it takes to generate a hash can be increased as hardware power increases. When hashing passwords, a slower process is favorable. The longer an algorithm takes to hash a password, the more time it takes for malicious users to generate "rainbow tables" containing all possible string hash values. This adds a layer of defense against brute force attacks on applications.
Basic Usage
Hashing Passwords
You may hash a password by calling the make method on the Hash facade:
use Framework\Support\Facades\Hash;
$hash = Hash::make($request->password);
Adjusting The Bcrypt Work Factor
If you are utilizing the Bcrypt algorithm, the make method enables you to adjust the work factor of the algorithm through the rounds option. Nevertheless, the default work factor managed by Dreamfork is suitable for most applications:
use Framework\Support\Facades\Hash;
$hash = Hash::make($request->password, [
    'rounds' => 12,
]);
Verifying That A Password Matches A Hash
The check method provided by the Hash facade enables you to verify that a given plain-text string corresponds to a given hash:
if (Hash::check('plain-password', $hashedPassword)) {
    // The passwords match...
}
Determining If A Password Needs To Be Rehashed
The needsRehash method, offered by the Hash facade, allows you to determine if the work factor used by the hasher has changed since the password was hashed. Some applications choose to perform this check during the authentication process:
if (Hash::needsRehash($hashedPassword)) {
    $hashed = Hash::make('plain-password');
}
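The login-time rehash check described above, as an added example that is not Dreamfork's own code. It uses PHP's built-in password_hash, password_verify and password_needs_rehash as stand-ins for Hash::make, Hash::check and Hash::needsRehash (an assumption made so the example runs without the framework), and a constructed in-memory user list in place of a database.

```php
<?php
// Added example: upgrade a stored bcrypt hash during authentication.
// Assumption: PHP's native password API stands in for the Hash facade methods.

const TARGET_ROUNDS = 12; // current work factor, same value as the rounds example on this page

// Constructed sample store: one user whose hash was made with an older, cheaper work factor.
$users = [
    'alice' => password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 10]),
];

// Verify a login attempt; on success, replace the stored hash if its work factor is outdated.
function login(array &$users, string $name, string $password): bool
{
    $stored = $users[$name] ?? null;
    if ($stored === null || !password_verify($password, $stored)) {
        return false; // a failed attempt never touches the stored hash
    }
    // The plain-text password is only available right after a successful check,
    // so this is the one point where the hash can be regenerated.
    if (password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => TARGET_ROUNDS])) {
        $users[$name] = password_hash($password, PASSWORD_BCRYPT, ['cost' => TARGET_ROUNDS]);
    }
    return true;
}

// Read the work factor encoded in a bcrypt hash string.
function cost(string $hash): int
{
    return password_get_info($hash)['options']['cost'];
}

echo 'stored cost before login: ', cost($users['alice']), PHP_EOL;
echo 'wrong password accepted: ', var_export(login($users, 'alice', 'wrong guess'), true), PHP_EOL;
echo 'stored cost after failed login: ', cost($users['alice']), PHP_EOL;
echo 'right password accepted: ', var_export(login($users, 'alice', 'correct horse'), true), PHP_EOL;
echo 'stored cost after successful login: ', cost($users['alice']), PHP_EOL;
echo 'upgraded hash still verifies: ', var_export(login($users, 'alice', 'correct horse'), true), PHP_EOL;
```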