phillipsharring · August 29, 2015 14:08
diff --git a/Bcrypt Passwords with PHP 5.5 b/Bcrypt Passwords with PHP 5.5
 Bcrypt Passwords with PHP 5.5
diff --git a/1-signature.txt b/1-signature.txt
 password_hash($password, $algorithm, $options = []);
diff --git a/2-hash-password.php b/2-hash-password.php
 $password = 'H@X04!';
 $hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => $cost]);
diff --git a/3-find-cost.php b/3-find-cost.php
 // 100 milliseconds
 // change this to your target time
 $timeTarget = 0.1;

 $cost = 8;

 do {
    $cost++;
    $start = microtime(true);
    password_hash('test', PASSWORD_BCRYPT, ['cost' => $cost]);
    $end = microtime(true);
 } while (($end - $start) < $timeTarget);

 echo 'Appropriate Cost Found: ' . $cost . PHP_EOL;
diff --git a/4-validate-password.php b/4-validate-password.php
 // true, hooray!
 password_verify($password, $hash);

 // false
 password_verify('not the password', $hash);

 // false
 password_verify($password, 'not the hash');
	$password = 'H@X04!';
	$hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => $cost]);
	// 100 milliseconds
	// change this to your target time
	$timeTarget = 0.1;

	$cost = 8;

	do {
	$cost++;
	$start = microtime(true);
	password_hash('test', PASSWORD_BCRYPT, ['cost' => $cost]);
	$end = microtime(true);
	} while (($end - $start) < $timeTarget);

	echo 'Appropriate Cost Found: ' . $cost . PHP_EOL;
	// true, hooray!
	password_verify($password, $hash);

	// false
	password_verify('not the password', $hash);

	// false
	password_verify($password, 'not the hash');