Hashing
Introduction
Hashing is a critical part of securing sensitive data in web applications, particularly when it comes to storing passwords. Unlike encryption, which can be reversed to retrieve the original data, hashing is a one-way process designed to securely transform data (such as passwords) into a fixed-length string of characters.
When a user creates or updates their password, the application does not store the raw password. Instead, it stores a hashed version of the password, which is a unique string generated by a cryptographic algorithm. This ensures that even if the database is compromised, the actual passwords are not exposed.
Doppar provides a robust and flexible hashing system, allowing developers to choose between several modern and secure hashing algorithms, including bcrypt, argon, and argon2id. This system is designed to protect user data while also offering flexibility in how you configure and manage password security for your application.
In the following sections, we’ll walk through how to configure and use these hashing algorithms to secure your application’s user passwords, ensuring both safety and efficiency.
Configuration
Doppar provides a simple yet powerful system for securely hashing passwords using different algorithms. The config/hashing.php file controls the configuration of password hashing for your application, allowing you to specify the hashing algorithm and adjust its settings to fit your needs.
Supported Hashing Algorithms
Driver | Description | Default |
---|---|---|
bcrypt | A widely used and secure hashing algorithm, known for its reliability and resistance to brute-force attacks. | No |
argon | A modern and secure hashing algorithm, designed to be resistant to both brute-force and side-channel attacks. | No |
argon2id | The most modern and recommended Argon variant, offering enhanced security by combining the benefits of both Argon2d and Argon2i. | Yes |
By default, Doppar uses bcrypt, which is recommended for its modern features and resistance to various attack vectors. However, you can switch between these algorithms based on your application’s needs by modifying the driver option in the config/hashing.php file.
Hash Facades
Doppar provides an easy-to-use facade for working with hashed passwords. The make() method allows you to hash a password securely using the default hashing algorithm configured in your application.
To create a hashed password, simply use the make() method from the Hash facade.
```php
use Phaseolies\Support\Facades\Hash;

$hashedValue = Hash::make('password');
// "$2y$10$qcxCuljWvI7e1A5ah6axl.qgNsVoNw3ad8HSDFRmnVxyzIoj5/x8m"
```
In this example, the password 'password' is securely hashed, and the result is a hashed string that can be safely stored in the database.
Checking Hash
To verify whether a plain-text password matches a hashed value, use the check() method. It compares a plain-text string (such as the one entered by the user) with the stored hash and returns true if they match.
```php
use Phaseolies\Support\Facades\Hash;

if (Hash::check('plainText', 'hashedValue')) {
    // Password matched
}
```
Determining if a Password Needs to be Rehashed
Over time you may raise the hasher's work factor or change the driver, and hashes created under the old settings should be upgraded. The needsRehash method provided by the Hash class lets you determine whether the work factor used by the hasher has changed since the password was hashed. Some applications choose to perform this check during the application's authentication process, when the plain-text password is available to produce a new hash:
```php
use Phaseolies\Support\Facades\Hash;

// $hashed is the hash currently stored for the user
if (Hash::needsRehash($hashed)) {
    $hashed = Hash::make('plain-text');
}
```
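The following is an added example, not code from the Doppar documentation, showing how check() and needsRehash() fit together in a login flow. It assumes a Doppar application context in which the Hash facade is available, and it assumes a user object with a `password` attribute holding the stored hash and a `save()` method; those two names are assumptions, not part of the framework's documented API. The dummy hash is a constructed value used only so that the verification step runs for unknown usernames as well, keeping response timing similar whether or not the account exists.

```php
<?php

use Phaseolies\Support\Facades\Hash;

/**
 * Verify a login attempt and transparently upgrade the stored hash
 * when the configured work factor or driver has changed.
 *
 * Returns true only when the supplied password matches the stored hash.
 */
function attemptLogin(?object $user, string $plainText): bool
{
    // Constructed placeholder hash (assumption): generated once with Hash::make()
    // and kept so that a missing user still costs one hash comparison.
    static $dummyHash = null;
    if ($dummyHash === null) {
        $dummyHash = Hash::make('dummy-password-for-timing-only');
    }

    // Assumed attribute name: $user->password holds the stored hash.
    $storedHash = $user->password ?? $dummyHash;

    if (!Hash::check($plainText, $storedHash)) {
        return false;
    }

    if ($user === null) {
        // A match against the dummy hash is not a login.
        return false;
    }

    // The plain-text password is only available now, so this is the
    // moment to re-hash if the hasher's settings have changed.
    if (Hash::needsRehash($storedHash)) {
        $user->password = Hash::make($plainText);
        $user->save(); // assumed persistence method
    }

    return true;
}
```

The rehash step runs only after a successful check, so a wrong password never causes a write, and the old hash is replaced rather than kept alongside the new one.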
Using bcrypt() Helper
In Doppar, you can create hashed passwords in two simple ways: either by using the global bcrypt() helper function or via the Hash::make() method provided by the Hash facade.
```php
$hashedValue = bcrypt('bcrypt');
// "$2y$10$gtr.qSIRWTDh7uh9ubj5duC0/KwQJcwZ0.KpFPOPzeRClpwo2FRSa"
```
Both methods generate a secure hashed version of the password using the default hashing driver configured in your application. This hashed value is safe to store in your database for authentication purposes.