Password.xDangerHash
$password.xDangerHash() -> string
Description
Return a one-way hash of the user's password.
A hash cannot be reversed to recover the original plaintext. To verify a login, the candidate password is hashed and the result is compared against the stored hash. Because bcrypt mixes a random salt into every hash, two hashes of the same password are different strings; verification must reuse the salt from the stored hash, which is what the check method does.
This method currently uses the industry-standard bcrypt (Blowfish-based) hashing algorithm.
The Db module will automatically store passwords as their hash, so try to avoid dealing with hashes directly.
Security: Never compare password hashes with ==. A plain string comparison can return as soon as the first differing character is found, so the time it takes leaks how much of the hash matched (a timing attack). It also does not work with bcrypt: each call to xDangerHash draws a fresh salt, so re-hashing the candidate and comparing it to the stored value fails even for the correct password. Use the check method instead; it re-hashes the candidate with the salt embedded in the stored hash and compares the result safely.
Security: Never alter a password hash or layer your own scheme on top of it (truncating it, hashing it again, mixing in a secret, and so on). The bcrypt string already carries everything check needs (version, cost, salt and digest) in a format designed for this purpose; any change breaks verification and is far more likely to weaken the hash than to strengthen it.
Performance: This hashing algorithm is intentionally slow (~60 milliseconds or more per call) so that an attacker who steals the hashes cannot test guesses quickly. The 10 in $2y$10$ is bcrypt's cost factor, and each increment doubles the work. This is slow by machine standards but not enough for a human to notice at login, so call it once per login or password change rather than on every request.
$tryPassword = Input.get('password')
$tryPassword.xDangerHash() //= '$2y$10$uuUSTgIPIoluenI/4w0x...' (60 chars)
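The salt-extract, re-hash, constant-time-compare pattern that the check method relies on, written out as an added example. This is not xDangerHash's or the Db module's own code: bcrypt is not in Python's standard library, so PBKDF2-HMAC-SHA256 stands in for it (an assumption, the pattern is the same), and the hash_password / check_password / bcrypt_params names are invented here. bcrypt_params parses the 60-character $2y$10$... format shown above; the field layout and cost range it checks are bcrypt's documented format, not something taken from this page.

```python
import base64
import hashlib
import hmac
import os

# Stand-in parameters. PBKDF2-HMAC-SHA256 is used only because it ships with
# CPython; xDangerHash itself uses bcrypt (assumption: its check() follows the
# same extract-salt, re-hash, constant-time-compare shape shown here).
ITERATIONS = 100_000
SALT_BYTES = 16


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing salted slow hash: $pbkdf2-sha256$<iters>$<salt>$<digest>.

    A fresh random salt is drawn on every call, so hashing the same password
    twice yields two different strings. That is why a freshly computed hash can
    never be compared against a stored one with ==.
    """
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$pbkdf2-sha256$%d$%s$%s" % (iterations, _b64(salt), _b64(digest))


def check_password(password: str, stored: str) -> bool:
    """Verify a candidate password against a stored hash string.

    Parses the parameters and salt out of the stored string, re-derives the
    digest with those exact parameters, and compares with hmac.compare_digest,
    which does not stop at the first mismatching byte the way == may.
    Malformed stored values are rejected rather than raising.
    """
    try:
        _, scheme, iters, salt_b64, digest_b64 = stored.split("$")
        iterations = int(iters)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
    except (ValueError, TypeError):
        return False
    if scheme != "pbkdf2-sha256" or iterations < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def bcrypt_params(hash_string: str) -> dict:
    """Split a bcrypt string such as '$2y$10$...' (60 chars) into its fields.

    Layout: '$' + version (2a/2b/2y) + '$' + two-digit cost + '$' +
    22-char salt + 31-char digest, in bcrypt's own base64 alphabet.
    The cost is a log2 work factor: each +1 doubles hash and check time.
    """
    if len(hash_string) != 60:
        raise ValueError("bcrypt strings are exactly 60 characters")
    parts = hash_string.split("$")
    if len(parts) != 4:
        raise ValueError("not a bcrypt string")
    _, version, cost, body = parts
    if version not in ("2a", "2b", "2y") or len(cost) != 2 or len(body) != 53:
        raise ValueError("not a bcrypt string")
    work = int(cost)
    if not 4 <= work <= 31:
        raise ValueError("bcrypt cost must be between 4 and 31")
    return {"version": version, "cost": work, "salt": body[:22], "digest": body[22:]}


if __name__ == "__main__":
    stored = hash_password("correct horse battery staple")
    print(stored)
    print(check_password("correct horse battery staple", stored))   # True
    print(check_password("Correct horse battery staple", stored))   # False
    print(stored == hash_password("correct horse battery staple"))  # False: different salt
    print(bcrypt_params("$2y$10$" + "u" * 53)["cost"])             # 10
```

Note that check_password takes the iteration count from the stored string, as bcrypt's check takes the cost from the $2y$10$ prefix; this is what lets the work factor be raised over time without invalidating existing hashes, and it is also why the stored string must be passed through untouched.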