In Laravel, hashing is a way to securely store sensitive data like passwords. Laravel provides built-in hashing methods to make it easier to hash and verify values. Let me explain in detail.
1. Hashing in Laravel
Laravel uses the Hash facade to work with hashing. The most common methods are bcrypt and argon2.
2. Built-in Hashing Methods
a) Bcrypt
- Bcrypt is the default hashing method in Laravel.
- It’s secure, widely used, and automatically handles salt internally.
- Example:

```php
use Illuminate\Support\Facades\Hash;

$password = 'secret123';
$hashed = Hash::make($password);
```

- To verify:

```php
if (Hash::check('secret123', $hashed)) {
    // Password is correct
}
```
b) Argon2
- Laravel also supports Argon2i and Argon2id, which are considered more secure and resistant to GPU attacks.
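- Example:

```php
use Illuminate\Support\Facades\Hash;

// These options apply only when the hashing driver in config/hashing.php
// is set to Argon2; the default bcrypt driver ignores them.
$hashed = Hash::make('secret123', [
    'memory' => 1024, // memory cost in KiB
    'time' => 2,      // number of iterations
    'threads' => 2,   // degree of parallelism
]);
```

- You can check passwords the same way using `Hash::check()`.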
c) Password Rehashing
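- Laravel allows you to rehash passwords if your hashing algorithm changes:

```php
if (Hash::needsRehash($hashed)) {
    // Rehashing needs the plain-text password, so do it at login,
    // after the password has been verified.
    $hashed = Hash::make('secret123');
}
```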
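The rehash check in the context of a login, as an added example that is not code from the original page. It assumes `illuminate/hashing` is installed via Composer and uses `BcryptHasher` directly in place of the `Hash` facade so the script runs outside a Laravel application; `verifyAndUpgrade()` and the cost values 10 and 12 are hypothetical and constructed for illustration.

```php
<?php
// Added example. Assumes: composer require illuminate/hashing
require __DIR__ . '/vendor/autoload.php';

use Illuminate\Hashing\BcryptHasher;

/**
 * Hypothetical helper: verify a login attempt and, on success only,
 * upgrade the stored hash if it no longer matches the current settings.
 * Returns [bool $ok, string $hashToStore].
 */
function verifyAndUpgrade(BcryptHasher $hasher, string $plain, string $stored): array
{
    // Reject first: input that failed verification is never rehashed.
    if (! $hasher->check($plain, $stored)) {
        return [false, $stored];
    }

    // The plain-text password exists only during login, which is why the
    // upgrade happens here and not in a batch job over the users table.
    if ($hasher->needsRehash($stored)) {
        return [true, $hasher->make($plain)];
    }

    return [true, $stored];
}

// Constructed sample data: a hash created under an older, cheaper policy.
$oldPolicy = new BcryptHasher(['rounds' => 10]);
$stored = $oldPolicy->make('secret123');

// The current policy raises the bcrypt cost.
$current = new BcryptHasher(['rounds' => 12]);

// Wrong password: login fails and the stored hash is left untouched.
[$ok, $kept] = verifyAndUpgrade($current, 'wrong-guess', $stored);
var_dump($ok, $kept === $stored);

// Correct password: login succeeds and a new hash is returned for storage.
[$ok, $upgraded] = verifyAndUpgrade($current, 'secret123', $stored);
var_dump($ok, $upgraded !== $stored);

// The upgraded hash meets the current policy and still verifies.
var_dump($current->needsRehash($upgraded), $current->check('secret123', $upgraded));
```

In an application, the returned hash would be written back to the user's record in the same request that handled the login.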
3. Summary of Laravel Hashing Methods
| Method | Description | Default Options |
|---|---|---|
| bcrypt | Default method, secure, automatically salted | Cost: 10 |
| argon2i | Resistant to GPU attacks | Memory, time, threads |
| argon2id | Hybrid variant of Argon2 | Memory, time, threads |
4. Usage Notes
- Never store plain text passwords.
- Always use `Hash::make()` for storing and `Hash::check()` for verifying.
- Use `Hash::needsRehash()` if you update security settings.
