<?php
$password = bin2hex(random_bytes(128));
$hashed = hash('sha256', $password, true); // Raw binary
$salt = random_bytes(32);
// Pwhash:
$pwhash = hash_pbkdf2('sha256', $password, $salt, 1000, 64);
// Now the attack
$attack = hash_pbkdf2('sha256', $hashed, $salt, 1000, 64);
var_dump([
'password-hash' => $pwhash,
'attack-output' => $attack
]);
preferences:
39.49 ms | 408 KiB | 5 Q