sodium_crypto_pwhash_str_verify

Verifies that a password matches a hash

Description

bool sodium_crypto_pwhash_str_verify(string $hash, #[\SensitiveParameter]string $password)

Checks that a password hash created using sodium_crypto_pwhash_str matches a given plain-text password. Note that the parameters are in the opposite order to the same parameters in the similar password_verify function.

Parameters

hash

A hash created by password_hash.

password

The user's password.

Return Values

Returns true if the password and hash match, or false otherwise.

Notes

Note:

Hashes are calculated using the Argon2ID algorithm, providing resistance to both GPU and side-channel attacks.

See Also

  • sodium_crypto_pwhash_str
  • password_hash
  • password_verify