Search code examples
phplaravellaravel-4laravel-5laravel-5.1

How much cost/rounds does Laravel use to hash with?


I'm trying to understand how the below function works from Laravel 4.2 in the BcryptHasher.php file:

/**
     * Hash the given value.
     *
     * @param  string  $value
     * @param  array   $options
     * @return string
     *
     * @throws \RuntimeException
     */
    public function make($value, array $options = [])
    {
        $cost = isset($options['rounds']) ? $options['rounds'] : $this->rounds;

        $hash = password_hash($value, PASSWORD_BCRYPT, ['cost' => $cost]);

        if ($hash === false) {
            throw new RuntimeException('Bcrypt hashing not supported.');
        }

        return $hash;
    }

I think I understand everything except for this line:

$cost = isset($options['rounds']) ? $options['rounds'] : $this->rounds;

I understand that the default of $this->rounds is set to 10, which then is the "cost" that the password will be hashed at. However, I'm confused as to what the $options array is doing and how that might affect the cost?


Solution

  • You can pass in the options when you call the make method.

    For example, using the facade:

    $hashed = Hash::make($value, ['rounds' => 8]);
    

    If you don't pass in the cost, it'll use $this->rounds, which is 10.