<?php $salt = substr(str_replace('+', '.', base64_encode(sha1(microtime(true), true))), 0, 22); // 2a is the bcrypt algorithm selector, see http://php.net/crypt // 12 is the workload factor (around 300ms on my Core i7 machine), see http://php.net/crypt echo $hash = crypt('falcon', '$2a$12$' . $salt); var_dump('$2a$12$' . $salt); // we can now use the generated hash as the argument to crypt(), since it too will contain $a2$12$... with a variation of the hash. No need to store the salt anymore, just the hash is enough! var_dump($hash == crypt('foo', $hash)); // true var_dump($hash == crypt('falcon', $hash)); // false
You have javascript disabled. You will not be able to edit any code.