Laravel MCP Companion

# Hashing - [Introduction](#introduction) - [Configuration](#configuration) - [Basic Usage](#basic-usage) - [Hashing Passwords](#hashing-passwords) - [Verifying That a Password Matches a Hash](#verifying-that-a-password-matches-a-hash) - [Determining if a Password Needs to be Rehashed](#determining-if-a-password-needs-to-be-rehashed) <a name="introduction"></a> ## Introduction The Laravel `Hash` [facade](/docs/{{version}}/facades) provides secure Bcrypt and Argon2 hashing for storing user passwords. If you are using one of the [Laravel application starter kits](/docs/{{version}}/starter-kits), Bcrypt will be used for registration and authentication by default. Bcrypt is a great choice for hashing passwords because its "work factor" is adjustable, which means that the time it takes to generate a hash can be increased as hardware power increases. When hashing passwords, slow is good. The longer an algorithm takes to hash a password, the longer it takes malicious users to generate "rainbow tables" of all possible string hash values that may be used in brute force attacks against applications. <a name="configuration"></a> ## Configuration The default hashing driver for your application is configured in your application's `config/hashing.php` configuration file. There are currently several supported drivers: [Bcrypt](https://en.wikipedia.org/wiki/Bcrypt) and [Argon2](https://en.wikipedia.org/wiki/Argon2) (Argon2i and Argon2id variants). <a name="basic-usage"></a> ## Basic Usage <a name="hashing-passwords"></a> ### Hashing Passwords You may hash a password by calling the `make` method on the `Hash` facade: <?php namespace App\Http\Controllers; use Illuminate\Http\RedirectResponse; use Illuminate\Http\Request; use Illuminate\Support\Facades\Hash; class PasswordController extends Controller { /** * Update the password for the user. */ public function update(Request $request): RedirectResponse { // Validate the new password length... $request->user()->fill([ 'password' => Hash::make($request->newPassword) ])->save(); return redirect('/profile'); } } <a name="adjusting-the-bcrypt-work-factor"></a> #### Adjusting The Bcrypt Work Factor If you are using the Bcrypt algorithm, the `make` method allows you to manage the work factor of the algorithm using the `rounds` option; however, the default work factor managed by Laravel is acceptable for most applications: $hashed = Hash::make('password', [ 'rounds' => 12, ]); <a name="adjusting-the-argon2-work-factor"></a> #### Adjusting The Argon2 Work Factor If you are using the Argon2 algorithm, the `make` method allows you to manage the work factor of the algorithm using the `memory`, `time`, and `threads` options; however, the default values managed by Laravel are acceptable for most applications: $hashed = Hash::make('password', [ 'memory' => 1024, 'time' => 2, 'threads' => 2, ]); > [!NOTE] > For more information on these options, please refer to the [official PHP documentation regarding Argon hashing](https://secure.php.net/manual/en/function.password-hash.php). <a name="verifying-that-a-password-matches-a-hash"></a> ### Verifying That a Password Matches a Hash The `check` method provided by the `Hash` facade allows you to verify that a given plain-text string corresponds to a given hash: if (Hash::check('plain-text', $hashedPassword)) { // The passwords match... } <a name="determining-if-a-password-needs-to-be-rehashed"></a> ### Determining if a Password Needs to be Rehashed The `needsRehash` method provided by the `Hash` facade allows you to determine if the work factor used by the hasher has changed since the password was hashed. Some applications choose to perform this check during the application's authentication process: if (Hash::needsRehash($hashed)) { $hashed = Hash::make('plain-text'); }