- password_hash: documentation ( source)
- str_repeat: documentation ( source)
- password_verify: documentation ( source)
<?php
$realPassword = str_repeat('a', 80) . '3F$^$S#^%$JFD';
$hash = password_hash($realPassword, PASSWORD_BCRYPT);
$attackerGuess = str_repeat('a', 80);
echo 'real password ' . (password_verify($realPassword, $hash) ? 'accepted' : 'rejected') . PHP_EOL;
echo "attacker's guess " . (password_verify($attackerGuess, $hash) ? 'accepted' : 'rejected') . PHP_EOL;