Why is `password_verify()` Returning False in PHP 5.5?

Why is Password_Verify Returning False?

When using PHP 5.5's password_verify() function to validate password hashes, developers may encounter false returns that can be attributed to various factors. One common cause, particularly if PHP 5.5 is used, is related to the maximum length of the password hash column in the database.

Database Column Length Considerations

According to the PHP manual, password hashes stored in database columns should have a length greater than 60 characters for optimal security. This is because password_verify() implements a secure, slow hashing algorithm (bcrypt) that outputs hashes of varying lengths based on factors such as salt and iterations.

If the password hash column in your database has a length limit of 60 characters, it may truncate the stored hash and cause password_verify() to fail. Therefore, ensuring that the column length is set to 255 characters or more is recommended to resolve this issue.

The above is the detailed content of Why is `password_verify()` Returning False in PHP 5.5?. For more information, please follow other related articles on the PHP Chinese website!