Generate password hash

Generate password hash ( password {; options} ) : Text

| Parameter | Type | Description |
|---|---|---|
| password | Text | The user's password. Only the first 72 characters are used. |
| options | Object | An object containing options. |
| Function result | Text | Returns the hashed password. |

Description

The Generate password hash function returns a secure password hash generated by a cryptographic hash algorithm.

Pass a string value in the password parameter. The Generate password hash function returns a hashed string for the password. Multiple passes of the same password will result in different hashed strings.

In the options object, pass the properties to use when generating the password hash. The available values are listed in the table below:

| Property | Value Type | Description | Default Value |
|---|---|---|---|
| algorithm | string | Algorithm to be used. Currently only "bcrypt" (case sensitive) is supported. | bcrypt |
| cost | numeric | Speed to be used. The supported values for bcrypt are between 4 and 31. | 10 |

Note: If either value in the options object is invalid, an error message and an empty string will be returned.

Error management

The following errors may be returned. You can review an error with the Last errors and ON ERR CALL commands.

| Number | Message |
|---|---|
| 850 | Password-hash: Unsupported algorithm. |
| 852 | Password-hash: Unavailable bcrypt cost parameter, please provide a value between 4 and 31. |

About bcrypt

bcrypt is a password hashing function based on the Blowfish cipher. It incorporates a salt to protect against rainbow table attacks. It is also an adaptive function: the iteration count can be increased to make it slower, so it remains resistant to brute-force attacks even as computation power increases, because each guess takes longer and the attack becomes too time consuming and expensive.

Example

This example generates a password hash using bcrypt with a cost factor of 4.

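 var $password : Text
 var $hash : Text
 var $options : Object
 
 // "bcrypt" is case sensitive; cost 4 is the lowest supported value (the default is 10)
 $options:=New object("algorithm";"bcrypt";"cost";4)
 $password:=Request("Please enter your password")
 
 // A new random salt is used on every call, so the same password gives a different hash each time
 $hash:=Generate password hash($password;$options)
 
 // Store only the hash, never the clear-text password
 [Users]hash:=$hash
 SAVE RECORD([Users])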

Reminder: Multiple passes of the same password will result in different hashed strings. This is a standard behavior for algorithms such as bcrypt, since the best practice is to create a new, random salt for every hash. Refer to the Verify password hash description for an example of how to check the passwords.
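
The example above saves whatever the command returns. The following variant is an added example, not part of the 4D documentation: it rejects input longer than 72 characters, reports errors 850 and 852, and refuses to save an empty hash. It assumes a 4D version that supports Try/Catch; the cost of 12 and the message texts are constructed values.

```4d
 // Added example, not from the 4D documentation. [Users]hash is the field
 // used in the page's example; cost 12 and the messages are constructed values.
 var $password; $hash; $report : Text
 var $options; $error : Object
 
 $options:=New object("algorithm"; "bcrypt"; "cost"; 12)  // must be between 4 and 31
 $password:=Request("Please enter your password")
 
 Case of 
 	: (OK=0)
 		// Dialog cancelled: nothing to store
 	: (Length($password)=0)
 		ALERT("An empty password is not accepted.")
 	: (Length($password)>72)
 		// Characters after the 72nd are not used by the hash, so reject the
 		// input instead of storing a hash of a silently shortened password
 		ALERT("The password must not exceed 72 characters.")
 	Else 
 		Try
 			$hash:=Generate password hash($password; $options)
 		Catch
 			// 850: unsupported algorithm, 852: cost outside 4..31
 			For each ($error; Last errors)
 				$report:=$report+String($error.errCode)+" "+$error.message+"\r"
 			End for each 
 		End try
 		
 		Case of 
 			: (Length($hash)=0)
 				// Invalid options return an empty string: never save it as a hash
 				ALERT("Password not saved.\r"+$report)
 			: (Not(Verify password hash($password; $hash)))
 				ALERT("Password not saved: the new hash failed verification.")
 			Else 
 				[Users]hash:=$hash
 				SAVE RECORD([Users])
 		End case 
 End case 
```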

See also

Generate digest
Verify password hash