Laravel-Docs/hashing.md

# Hashing

- [Introduction](#introduction)
- [Configuration](#configuration)
- [Basic Usage](#basic-usage)

<a name="introduction"></a>
## Introduction

The Laravel `Hash` [facade](/docs/{{version}}/facades) provides secure Bcrypt and Argon2 hashing for storing user passwords. If you are using the built-in `LoginController` and `RegisterController` classes that are included with your Laravel application, they will use Bcrypt for registration and authentication by default.

> {tip} Bcrypt is a great choice for hashing passwords because its "work factor" is adjustable, which means that the time it takes to generate a hash can be increased as hardware power increases.

<a name="configuration"></a>
## Configuration

The default hashing driver for your application is configured in the `config/hashing.php` configuration file. There are currently two supported drivers: [Bcrypt](https://en.wikipedia.org/wiki/Bcrypt) and [Argon2](https://en.wikipedia.org/wiki/Argon2).

> {note} The Argon2 driver requires PHP 7.2.0 or greater.

<a name="basic-usage"></a>
## Basic Usage

You may hash a password by calling the `make` method on the `Hash` facade:

    <?php

    namespace App\Http\Controllers;

    use Illuminate\Http\Request;
    use Illuminate\Support\Facades\Hash;
    use App\Http\Controllers\Controller;

    class UpdatePasswordController extends Controller
    {
        /**
         * Update the password for the user.
         *
         * @param  Request  $request
         * @return Response
         */
        public function update(Request $request)
        {
            // Validate the new password length...

            $request->user()->fill([
                'password' => Hash::make($request->newPassword)
            ])->save();
        }
    }

#### Adjusting The Bcrypt Work Factor

If you are using the Bcrypt algorithm, the `make` method allows you to manage the work factor of the algorithm using the `rounds` option; however, the default is acceptable for most applications:

    $hashed = Hash::make('password', [
        'rounds' => 12
    ]);

#### Adjusting The Argon2 Work Factor

If you are using the Argon2 algorithm, the `make` method allows you to manage the work factor of the algorithm using the `memory`, `time`, and `threads` options; however, the defaults are acceptable for most applications:

    $hashed = Hash::make('password', [
        'memory' => 1024,
        'time' => 2,
        'threads' => 2,
    ]);

> {tip} For more information on these options, check out the [official PHP documentation](http://php.net/manual/en/function.password-hash.php).

#### Verifying A Password Against A Hash

The `check` method allows you to verify that a given plain-text string corresponds to a given hash. However, if you are using the `LoginController` [included with Laravel](/docs/{{version}}/authentication), you will probably not need to use this directly, as this controller automatically calls this method:

    if (Hash::check('plain-text', $hashedPassword)) {
        // The passwords match...
    }

#### Checking If A Password Needs To Be Rehashed

The `needsRehash` function allows you to determine if the work factor used by the hasher has changed since the password was hashed:

    if (Hash::needsRehash($hashed)) {
        $hashed = Hash::make('plain-text');
    }
Write hashing documentation. 2015-01-22 21:17:22 +01:00			`# Hashing`

			`- [Introduction](#introduction)`
add argon docs 2018-01-30 15:47:52 +01:00			`- [Configuration](#configuration)`
Write hashing documentation. 2015-01-22 21:17:22 +01:00			`- [Basic Usage](#basic-usage)`

			`<a name="introduction"></a>`
			`## Introduction`

add argon docs 2018-01-30 15:47:52 +01:00			The Laravel `Hash` [facade](/docs/{{version}}/facades) provides secure Bcrypt and Argon2 hashing for storing user passwords. If you are using the built-in `LoginController` and `RegisterController` classes that are included with your Laravel application, they will use Bcrypt for registration and authentication by default.
Write hashing documentation. 2015-01-22 21:17:22 +01:00
various doc updates 2016-07-16 02:50:53 +02:00			`> {tip} Bcrypt is a great choice for hashing passwords because its "work factor" is adjustable, which means that the time it takes to generate a hash can be increased as hardware power increases.`
Write hashing documentation. 2015-01-22 21:17:22 +01:00
add argon docs 2018-01-30 15:47:52 +01:00			`<a name="configuration"></a>`
			`## Configuration`

			The default hashing driver for your application is configured in the `config/hashing.php` configuration file. There are currently two supported drivers: [Bcrypt](https://en.wikipedia.org/wiki/Bcrypt) and [Argon2](https://en.wikipedia.org/wiki/Argon2).

			`> {note} The Argon2 driver requires PHP 7.2.0 or greater.`

Write hashing documentation. 2015-01-22 21:17:22 +01:00			`<a name="basic-usage"></a>`
			`## Basic Usage`

working on hash docs 2015-05-05 00:02:00 +02:00			You may hash a password by calling the `make` method on the `Hash` facade:
Write hashing documentation. 2015-01-22 21:17:22 +01:00
replace all tabs with spaces (PSR-2) 2015-07-02 16:54:27 +02:00			`<?php`

			`namespace App\Http\Controllers;`

			`use Illuminate\Http\Request;`
various doc updates 2016-07-16 02:50:53 +02:00			`use Illuminate\Support\Facades\Hash;`
replace all tabs with spaces (PSR-2) 2015-07-02 16:54:27 +02:00			`use App\Http\Controllers\Controller;`

various doc updates 2016-07-16 02:50:53 +02:00			`class UpdatePasswordController extends Controller`
replace all tabs with spaces (PSR-2) 2015-07-02 16:54:27 +02:00			`{`
			`/**`
			`* Update the password for the user.`
			`*`
			`* @param Request $request`
			`* @return Response`
			`*/`
various doc updates 2016-07-16 02:50:53 +02:00			`public function update(Request $request)`
replace all tabs with spaces (PSR-2) 2015-07-02 16:54:27 +02:00			`{`
			`// Validate the new password length...`

various doc updates 2016-07-16 02:50:53 +02:00			`$request->user()->fill([`
replace all tabs with spaces (PSR-2) 2015-07-02 16:54:27 +02:00			`'password' => Hash::make($request->newPassword)`
			`])->save();`
			`}`
			`}`
working on hash docs 2015-05-05 00:02:00 +02:00
add argon docs 2018-01-30 15:47:52 +01:00			`#### Adjusting The Bcrypt Work Factor`

			If you are using the Bcrypt algorithm, the `make` method allows you to manage the work factor of the algorithm using the `rounds` option; however, the default is acceptable for most applications:
document work factor 2017-08-27 23:28:03 +02:00
			`$hashed = Hash::make('password', [`
			`'rounds' => 12`
			`]);`

add argon docs 2018-01-30 15:47:52 +01:00			`#### Adjusting The Argon2 Work Factor`

			If you are using the Argon2 algorithm, the `make` method allows you to manage the work factor of the algorithm using the `memory`, `time`, and `threads` options; however, the defaults are acceptable for most applications:

			`$hashed = Hash::make('password', [`
			`'memory' => 1024,`
			`'time' => 2,`
			`'threads' => 2,`
			`]);`

			`> {tip} For more information on these options, check out the [official PHP documentation](http://php.net/manual/en/function.password-hash.php).`

working on hash docs 2015-05-05 00:02:00 +02:00			`#### Verifying A Password Against A Hash`

various doc updates 2016-07-16 02:50:53 +02:00			The `check` method allows you to verify that a given plain-text string corresponds to a given hash. However, if you are using the `LoginController` [included with Laravel](/docs/{{version}}/authentication), you will probably not need to use this directly, as this controller automatically calls this method:
working on hash docs 2015-05-05 00:03:54 +02:00
replace all tabs with spaces (PSR-2) 2015-07-02 16:54:27 +02:00			`if (Hash::check('plain-text', $hashedPassword)) {`
			`// The passwords match...`
			`}`
Write hashing documentation. 2015-01-22 21:17:22 +01:00
			`#### Checking If A Password Needs To Be Rehashed`

working on hash docs. 2015-05-26 23:24:29 +02:00			The `needsRehash` function allows you to determine if the work factor used by the hasher has changed since the password was hashed:
working on hash docs 2015-05-05 00:02:00 +02:00
replace all tabs with spaces (PSR-2) 2015-07-02 16:54:27 +02:00			`if (Hash::needsRehash($hashed)) {`
			`$hashed = Hash::make('plain-text');`
			`}`