Generate password hash
Generate password hash ( password {; options} ) : Text
Parameter | Type | Description | |
---|---|---|---|
password | Text | → | The user's password. Only the first 72 characters are used. |
options | Object | → | An object containing options. |
Function result | Text | ← | Returns the hashed password. |
Description
The Generate password hash function returns a secure password hash generated by a cryptographic hash algorithm.
Pass a string value in the password parameter. The Generate password hash returns a hashed string for the password. Multiple passes of the same password will result in different hashed strings.
In the options object, pass the properties to use when generating the password hash. The available values are listed in the table below:
Property | Value Type | Description | Default Value |
---|---|---|---|
algorithm | string | algorithm to be used. Currently only "bcrypt" (case sensitive) is supported. | bcrypt |
cost | numeric | speed to be used. The supported values for bcrypt are between 4 and 31. | 10 |
Note: If either value in the options object is invalid, an error message and an empty string will be returned.
Error management
The following errors may be returned. You can review an error with the Last errors and ON ERR CALL commands.
Number | Message |
---|---|
850 | Password-hash: Unsupported algorithm. |
852 | Password-hash: Unavailable bcrypt cost parameter, please provide a value between 4 and 31. |
About bcrypt
bcrypt is a password hashing function based on the Blowfish cipher. In addition to incorporating a salt to protect against rainbow table attacks, it's an adaptive function in which the iteration count can be increased to make it slower, so it remains resistant to brute-force attacks even with increasing computation power because it takes longer and becomes too time consuming and expensive.
Example
This example generates a password hash using bcrypt with a cost factor 4.
var $password : Text
var $hash : Text
var $options : Object
$options:=New object("algorithm";"bcrypt";"cost";4)
$password:=Request("Please enter your password")
$hash:=Generate password hash($password;$options)
[Users]hash:=$hash
SAVE RECORD([Users])
Reminder: Multiple passes of the same password will result in different hashed strings. This is a standard behavior for algorithms such as bcrypt, since the best practice is to create a new, random salt for every hash. Refer to the Verify password hash description for an example of how to check the passwords.