PHP - password_needs_rehash() Function

The PHP Hashing password_needs_rehash() function is used to determine whether a given hash matches the given option and check whether the hash needs to be rehashed. In PHP, a "hash" refers to a fixed-size string of characters produced by a hashing algorithm. The input data can be of any size, and the algorithm generates a unique output based on that input.

The options generally include the algorithm used and various parameters, such as cost, which can affect the security and performance of the hashing process.

This function returns a boolean value "true" if the hash can be rehashed to match the given algo and options; otherwise, it returns "false".

Syntax

Following is the syntax of the PHP Hashing password_needs_rehash() function −

password_needs_rehash(string $hash, string $algo, array $options = []): bool

Parameters

This function accepts the following parameters −

• hash − A hash created bypassword_hash() function.
• algo − Apassword algorithm constantrepresents the algorithm to use when hashing the password.
• options − An associative array containing options.

Return value

This function returnstrue, if the hash should be rehashed to match the givenalgoandoptions, orfalseotherwise.

Example 1

The following program demonstrates the usage of the PHP Hashing password_needs_rehash() function −

<?php
   $passw = "53nh46u74m3nt3";
   $hashp = '$argon2i$v=19$m=65536,t=4,p=1$dmJMWlhFUEFvaTFSeFhFNQ$Cpgdj1rHw21Y7WqnMpUAFFp7uLubGoU7Zxc09Pn8t9k';
   $algo = PASSWORD_ARGON2I;
   $options = ['cost' => 12];
   $conf = password_needs_rehash($hashp, $algo);
   echo "The given password: $passw";
   echo "\nThe given password hash: $hashp";
   echo "\nThe given algo: $algo";
   $result = password_needs_rehash($hashp, $algo, $options);
   if($result){
	   $newhas = password_hash($passw, $algo);
	   echo "\nThe function result: ";
	   var_dump($result);
	   echo "Hash need to rehashed, Suggested for the new hash: \n";
	   echo $newhas;
	   }
   else {
	   echo "\nThe function result: ";
	   var_dump($result);
	   echo "Matched, no need to be rehashed: ";
   }
?>

Output

The above program produces the following output −

The given password: 53nh46u74m3nt3
The given password hash: $argon2i$v=19$m=65536,t=4,p=1$dmJMWlhFUEFvaTFSeFhFNQ$Cpgdj1rHw21Y7WqnMpUAFFp7uLubGoU7Zxc09Pn8t9k
The given algo: argon2i
The function result: bool(false)
Matched, no need to be rehashed:

Example 2

If the given hash does not match the given options, this function returns "true".

Following is another example of the PHP Hashing password_needs_rehash() function. We use this function to check whether the given hash matches the given options −

<?php
   $passw = "53nh46u74m3nt3";
   $hashp = '$argon2i$v=19$m=1024,t=2,p=2$d1JJWnNHMkVEekZwcTFUdA$zeSi7c/Adh/1KCTHddoF39Xxwo9ystxRzHEnRa0lQeM';
   $algo = PASSWORD_ARGON2I;
   $options = ['cost' => 12];
   $conf = password_needs_rehash($hashp, $algo);
   echo "The given password: $passw";
   echo "\nThe given password hash: $hashp";
   echo "\nThe given algo: $algo";
   $result = password_needs_rehash($hashp, $algo, $options);
   if($result){
	   $newhas = password_hash($passw, $algo);
	   echo "\nThe function result: ";
	   var_dump($result);
	   echo "Hash need to rehashed, suggested for the new hash: \n";
	   echo $newhas;
	   }
   else {
	   echo "\nThe function result: ";
	   var_dump($result);
	  echo "\nMatched, no need to be rehashed: ";
   }
?>

Output

After executing the above program, the following output will be displayed −

The given password: 53nh46u74m3nt3
The given password hash: $argon2i$v=19$m=1024,t=2,p=2$d1JJWnNHMkVEekZwcTFUdA$zeSi7c/Adh/1KCTHddoF39Xxwo9ystxRzHEnRa0lQeM
The given algo: argon2i
The function result: bool(true)
Hash need to rehashed, suggested for the new hash:
$argon2i$v=19$m=65536,t=4,p=1$amw3ZHM3bEpYN3lWYlp6eg$wNWs5nkT2/Yx7NXkOJ4TZ4EqUmc58Xhb6N3IX5shNc8