Lithe Hash: A Robust Module for Secure Password Hashing

Lithe Hash is a robust module designed for secure hashing of passwords using the Bcrypt algorithm. This module simplifies the process of creating, verifying and managing password hashes, ensuring that best security practices are followed.

Index

1. Installation
2. Use
   • Importing the Class
   • Creating a Hash
   • Verifying a Hash
   • Checking if a Hash Needs Rehashing
   • Understanding Bcrypt
   • Exception Handling
3. Tests
4. License

Installation

To install the lithemod/hash package, you can use Composer. Run the following command in your terminal:

composer require lithemod/hash

This will add the package to your project's dependencies, allowing you to use the Hash class in your application.

Use

Importing the Class

Before using the Hash class, you must import it into your PHP file:

use Lithe\Support\Security\Hash;

Creating a Hash

To create a hash from a password, use the make method. The method accepts a password and an optional array of options:

$hash = Hash::make('sua_senha', ['cost' => 10]);

Parameters:

• string $value: The password to be hashed.
• $options array: Optional parameters (e.g. cost) to tune the hashing algorithm.

Returns: A hash string that can be stored in a database.

Example:

$password = 'minha_senha_segura';
$hash = Hash::make($password, ['cost' => 12]);
echo "Senha Hashed: " . $hash;

Verifying a Hash

To check if a password matches the hash, use the check:
method

$isValid = Hash::check('sua_senha', $hash);
if ($isValid) {
    echo 'Senha é válida!';
} else {
    echo 'Senha inválida.';
}

Parameters:

• string $value: The password to be checked.
• string $hash: The hashed password for comparison.

Returns: true if the password matches the hash; false otherwise.

Example:

if (Hash::check('minha_senha_segura', $hash)) {
    echo 'Senha está correta!';
} else {
    echo 'Senha está incorreta!';
}

Checking if a Hash Needs Rehashing

You can determine whether a hash needs to be rehashed (for example, if you change the cost factor) using the needsRehash:
method

$needsRehash = Hash::needsRehash($hash, ['cost' => 14]);
if ($needsRehash) {
    // Rehash com um novo custo
    $hash = Hash::make('sua_senha', ['cost' => 14]);
}

Parameters:

• string $hash: The hashed password to be evaluated.
• array $options: Optional parameters to specify the cost.

Returns: true if the hash needs to be rehashed; false otherwise.

Example:

composer require lithemod/hash

Understanding Bcrypt

Bcrypt is a widely used password hashing function designed to be slow and compute-intensive, making it resistant to brute force attacks. By utilizing a configurable cost factor, Bcrypt allows you to increase hashing difficulty as hardware becomes faster.

• Cost Factor: The cost factor determines the computational complexity of hashing a password. It represents the number of iterations of the hashing algorithm. A higher cost means more security, but it also increases processing time. The recommended range is between 10 and 12 for most applications.

Exception Handling

The make method throws an InvalidArgumentException if the cost is set outside the valid range (4 to 31). You must handle this in your code to ensure robustness:

use Lithe\Support\Security\Hash;

The above is the detailed content of Lithe Hash: A Robust Module for Secure Password Hashing. For more information, please follow other related articles on the PHP Chinese website!