A. Rossi A. Rossi - 1 month ago 11
PHP Question

Hashing a password more than once

If I hash for example a password twice:

$psw1= password_hash($password,PASSWORD_DEFAULT);
$psw2=password_hash($psw1,PASSWORD_DEFAULT);


Is this more secure or it this just useless?

P.S.: I am new to php

Answer Source

This will prevent you from verifying the password, since you won't be able to reproduce the first hash, since you've discarded the random salt of the first hash. Instead, to increase security of a single hash, simply adjust its cost factor:

password_hash($password, PASSWORD_DEFAULT, ['cost' => 12])

The higher the cost, the more rounds of hashing will be done. Pick a cost that doesn't slow the process down too much, but isn't too low either. In fact, you should keep increasing the cost factor over time as better server hardware becomes available, and rehash your users passwords over time with the stronger algorithm. That's specifically what password_needs_rehash is for.