Hashing
Introduction
The Laravel Hash facade provides secure Bcrypt hashing for storing user passwords. If you are using the built-in LoginController and RegisterController classes that are included with your Laravel application, they will automatically use Bcrypt for registration and authentication.
Bcrypt is a great choice for hashing passwords because its "work factor" is adjustable, which means that the time it takes to generate a hash can be increased as hardware power increases.
Basic Usage
You may hash a password by calling the make method on the Hash facade:
    <?php

    namespace App\Http\Controllers;

    use Illuminate\Http\Request;
    use Illuminate\Support\Facades\Hash;
    use App\Http\Controllers\Controller;

    class UpdatePasswordController extends Controller
    {
        /**
         * Update the password for the user.
         *
         * @param  Request  $request
         * @return Response
         */
        public function update(Request $request)
        {
            // Validate the new password length...

            $request->user()->fill([
                'password' => Hash::make($request->newPassword)
            ])->save();
        }
    }
The make method also allows you to manage the work factor of the bcrypt hashing algorithm using the rounds option; however, the default is acceptable for most applications:
    $hashed = Hash::make('password', [
        'rounds' => 12
    ]);
Verifying A Password Against A Hash
The check method allows you to verify that a given plain-text string corresponds to a given hash. However, if you are using the LoginController included with Laravel, you will probably not need to use this directly, as this controller automatically calls this method:
    if (Hash::check('plain-text', $hashedPassword)) {
        // The passwords match...
    }
Checking If A Password Needs To Be Rehashed
The needsRehash function allows you to determine if the work factor used by the hasher has changed since the password was hashed:
    if (Hash::needsRehash($hashed)) {
        $hashed = Hash::make('plain-text');
    }
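The check-then-rehash flow at login, as an added example that is not part of the Laravel documentation or framework code. It uses PHP's native password_verify, password_needs_rehash and password_hash functions in place of Hash::check, Hash::needsRehash and Hash::make so that it runs without a Laravel application; verifyAndUpgrade, TARGET_ROUNDS and the sample password are hypothetical.

```php
<?php
// Added example: upgrade a bcrypt hash to the current work factor at login.
// Native password_* calls stand in for the Hash facade (assumption: no Laravel app).

const TARGET_ROUNDS = 12; // hypothetical current work factor

/**
 * Verify a login attempt and, on success, return a replacement hash when
 * the stored one was created with a different work factor.
 *
 * @return array [bool authenticated, ?string hash to store, or null if unchanged]
 */
function verifyAndUpgrade(string $plain, string $storedHash, int $rounds = TARGET_ROUNDS): array
{
    // Stand-in for Hash::check(): a failed verification never triggers a rehash.
    if (!password_verify($plain, $storedHash)) {
        return [false, null];
    }

    // Stand-in for Hash::needsRehash(): compares the cost embedded in the hash.
    if (password_needs_rehash($storedHash, PASSWORD_BCRYPT, ['cost' => $rounds])) {
        // Stand-in for Hash::make() with the 'rounds' option.
        return [true, password_hash($plain, PASSWORD_BCRYPT, ['cost' => $rounds])];
    }

    return [true, null];
}

// Constructed sample: a hash created earlier at a lower work factor.
$stored = password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 10]);

[$ok, $new] = verifyAndUpgrade('wrong guess', $stored);
echo 'wrong password accepted: ', var_export($ok, true), PHP_EOL;
echo 'rehash issued on failure: ', var_export($new !== null, true), PHP_EOL;

[$ok, $new] = verifyAndUpgrade('correct horse', $stored);
echo 'correct password accepted: ', var_export($ok, true), PHP_EOL;
echo 'cost of upgraded hash: ', password_get_info($new)['options']['cost'], PHP_EOL;
$stored = $new; // persist the upgraded hash in place of the old one

[$ok, $new] = verifyAndUpgrade('correct horse', $stored);
echo 'second login needs another rehash: ', var_export($new !== null, true), PHP_EOL;
```

The upgrade can only happen during a successful login, because that is the only point at which the plain-text password is available to hash again.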