January 15, 2014 1:09 pm

How to Hash Passwords in PHP 5.5 with the Password Hashing API

This tutorial shows you how to hash passwords in PHP 5.5 with the password hashing API. A large number of web developers still use old and less secure algorithms such as MD5 and SHA1, but passwords stored that way are plain strings. The new hashing API uses bcrypt, a key derivation function for passwords. In this article we are going to explore PHP's new hashing API.

Hashing Passwords in PHP 5.5 with the Password Hashing API

password_hash() – used to hash the password.
password_verify() – used to verify a password against its hash.


The hash generated by the above code is:

In this function the first parameter is your password and the second parameter specifies the algorithm used to hash the password.

PASSWORD_DEFAULT – uses the bcrypt algorithm (default as of PHP 5.5.0).

If you use PASSWORD_DEFAULT in your projects, it is recommended that the column storing the hash be larger than 60 characters; defining the column as 255 characters would be good.

Most importantly, you don't have to provide a salt (the extra data appended or prepended to the password is called a salt). The API automatically generates a random salt, but if you want to supply your own salt there is an option to add it in the third parameter.

We have generated a hashed password with this new API; now it's time to verify passwords with password_verify(). This function takes the plain password and the hashed password that we saved in the database.
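
The hash-and-verify flow described above, as an added example that is not the original tutorial's code: the helper names `hash_new_password()` and `check_login()`, the cost of 12 and the sample password are assumptions. It goes one step beyond the text by calling `password_needs_rehash()`, which is part of the same PHP 5.5 API, so that hashes created with older settings are upgraded at login.

```php
<?php
// Added example, not from the original tutorial. Helper names, the cost
// value and the sample password are assumptions made for illustration.

const HASH_COST = 12; // assumed bcrypt work factor; tune it for your hardware

// Hash a new password. No salt is passed: password_hash() generates a random
// one and embeds it, together with the algorithm and cost, in the result.
function hash_new_password($plain)
{
    $hash = password_hash($plain, PASSWORD_DEFAULT, array('cost' => HASH_COST));
    if ($hash === false) {
        throw new RuntimeException('password_hash() failed');
    }
    return $hash;
}

// Check a login attempt against the hash loaded from the database.
// Returns array($ok, $upgradedHash). When $upgradedHash is not null, the
// caller should store it in place of the old hash.
function check_login($plain, $storedHash)
{
    if (!password_verify($plain, $storedHash)) {
        return array(false, null);
    }
    $upgraded = null;
    if (password_needs_rehash($storedHash, PASSWORD_DEFAULT, array('cost' => HASH_COST))) {
        $upgraded = hash_new_password($plain);
    }
    return array(true, $upgraded);
}

// Constructed sample data standing in for the hash column of a users table.
$stored = hash_new_password('correct horse battery staple');
$again  = hash_new_password('correct horse battery staple');

var_dump(strlen($stored));    // length the database column must hold
var_dump($stored === $again); // same password hashed twice, compared

list($ok) = check_login('wrong guess', $stored);
var_dump($ok);                // result for a wrong password

// A hash created earlier with a lower cost, checked with the right password:
// it is verified first and then tested against the current settings.
$old = password_hash('correct horse battery staple', PASSWORD_DEFAULT, array('cost' => 10));
list($ok, $upgraded) = check_login('correct horse battery staple', $old);
var_dump($ok, $upgraded !== null);
```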


This way you can verify your passwords and make your website's passwords strong with the latest API. If you are not using PHP 5.5, there is a library available [here] that you can use to create password hashes in the same way.

I hope you like this tutorial; feel free to comment with your views.

Author Huzoor Bux

I am Huzoor Bux from Karachi (Pakistan). I have been working as a PHP developer for the last 5+ years, and it's my passion to learn new things and implement them in practice. Basically I am a PHP developer, but nowadays I am exploring more of HTML5, CSS and jQuery libraries.

  • Husni’s Elemento

    the better way how to secure password is to create our own function

    • huzoorbux

      Any reason?

      • Husni’s Elemento

        example like this

        l>%z:[email protected]#u:l*l>f#v&ABDiReIStT’);
        define('AUTH_SALT_SS', '(W([email protected]/ROZC*e}5VnW[&j=|G@');
        function ENKRIPSI_PASS($pass){
        $key1 = crypt("$pass",'$6a$'.SECURE_AUTH_KEY_SS);
        return $key1.AUTH_SALT_SS;
        }

  • Guilherme Schumacher

    First of all, nice post! My question is: now that we have a specific function for password hash, the best method for verifying if the user is logged in some system is still by using sessions? Or there's a better way on some new 5.5 functions? Thanks in advance!

  • gurwinder

    nice …