PHPackages krzysztofzylka/hash - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. krzysztofzylka/hash ActiveLibrary[Security](/categories/security) krzysztofzylka/hash =================== Versioned hash library with multiple algorithm support 2.0.0(10mo ago)01.2k↓34.6%1MITPHPPHP >=8.1 Since Dec 4Pushed 10mo ago1 watchersCompare [ Source](https://github.com/krzysztofzylka/Hash)[ Packagist](https://packagist.org/packages/krzysztofzylka/hash)[ RSS](/packages/krzysztofzylka-hash/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (4)Dependencies (1)Versions (5)Used By (1) VersionedHasher =============== [](#versionedhasher) A modern PHP library for secure password hashing and general-purpose hashing with version support and algorithm migration capabilities. Features -------- [](#features) - **Modern Security**: Uses Argon2id as the default algorithm (2024 security standard) - **Version Management**: Built-in versioning system for seamless algorithm migration - **Multiple Algorithms**: Support for 15+ hashing algorithms from secure password hashers to fast checksums - **Backward Compatibility**: Seamlessly works with existing PHP `password_hash()` outputs - **Security Assessment**: Built-in tools to evaluate hash strength and recommend upgrades - **Migration Ready**: Easy detection of hashes that need security upgrades Installation ------------ [](#installation) ``` composer require krzysztofzylka/hash ``` Quick Start ----------- [](#quick-start) ### Secure Password Hashing [](#secure-password-hashing) ``` use Krzysztofzylka\Hash\VersionedHasher; // Create a secure password hash (uses Argon2id by default) $hash = VersionedHasher::createSecure('mypassword'); // Output: $014$argon2id$v=19$m=65536,t=4,p=3$base64salt$base64hash // Verify password $isValid = VersionedHasher::verify($hash, 'mypassword'); // true ``` ### Custom Algorithm Usage [](#custom-algorithm-usage) ``` // Use specific algorithm $hash = VersionedHasher::create('data', 'bcrypt', ['cost' => 12]); $hash = VersionedHasher::create('data', 'sha256'); $hash = VersionedHasher::create('data', 'xxh64'); // Fast checksum // Verify any supported hash $isValid = VersionedHasher::verify($hash, 'data'); ``` Supported Algorithms -------------------- [](#supported-algorithms) ### Password Hashing (Secure) [](#password-hashing-secure) - **argon2id** ⭐ (Recommended 2024) - Most secure, resistant to all attacks - **argon2i** - Secure alternative to Argon2id - **bcrypt** - Widely supported, good security - **scrypt** - Memory-hard function - **pbkdf2** - Minimum acceptable security ### Cryptographic Hashes [](#cryptographic-hashes) - **sha512** / **sha256** - Standard cryptographic hashes - **ripemd256** - Alternative cryptographic hash - **snefru** / **gost** - Specialized cryptographic functions ### Fast Checksums (Non-secure) [](#fast-checksums-non-secure) - **xxh128** / **xxh64** / **xxh32** / **xxh3** - Ultra-fast checksums - **crc32** / **crc32c** - Standard checksums ### Legacy (Deprecated) [](#legacy-deprecated) - **md5** - Only for compatibility (not secure) Advanced Usage -------------- [](#advanced-usage) ### Security Assessment [](#security-assessment) ``` // Check if hash needs upgrade $needsUpgrade = VersionedHasher::needsRehash($oldHash); if ($needsUpgrade) { $newHash = VersionedHasher::createSecure($password); // Update database with new hash } // Get hash information $info = VersionedHasher::getHashInfo($hash); /* Array( 'format' => 'versioned', 'algorithm' => 'argon2id', 'version' => '014', 'secure' => true, 'strength' => 'high' ) */ ``` ### Algorithm Discovery [](#algorithm-discovery) ``` // Get recommended algorithm for current system $recommended = VersionedHasher::getRecommendedAlgorithm(); // 'argon2id' // Get all supported algorithms $all = VersionedHasher::getSupportedAlgorithms(); // Get only secure algorithms $secure = VersionedHasher::getSecureAlgorithms(); // Get algorithms by strength $high = VersionedHasher::getAlgorithmsByStrength('high'); ``` ### Custom Configuration [](#custom-configuration) ``` // Custom Argon2id settings $hash = VersionedHasher::create('password', 'argon2id', [ 'memory_cost' => 131072, // 128 MB 'time_cost' => 6, // 6 iterations 'threads' => 4 // 4 threads ]); // Custom bcrypt cost $hash = VersionedHasher::create('password', 'bcrypt', ['cost' => 14]); // Custom PBKDF2 settings $hash = VersionedHasher::create('password', 'pbkdf2', [ 'iterations' => 20000 ]); ``` Security Recommendations (2024) ------------------------------- [](#security-recommendations-2024) ### For New Applications [](#for-new-applications) 1. **Use `createSecure()`** - Automatically uses Argon2id with optimal settings 2. **Regular Assessment** - Check `needsRehash()` periodically 3. **Monitor Algorithms** - Stay updated on algorithm recommendations ### For Legacy Applications [](#for-legacy-applications) 1. **Gradual Migration** - Use `needsRehash()` to identify upgrade candidates 2. **Backward Compatibility** - Library works with existing `password_hash()` outputs 3. **User Login Migration** - Upgrade hashes during successful logins ``` // Migration example if (VersionedHasher::verify($storedHash, $inputPassword)) { // Login successful if (VersionedHasher::needsRehash($storedHash)) { $newHash = VersionedHasher::createSecure($inputPassword); // Update database with $newHash } // Continue with login process } ``` Version Format -------------- [](#version-format) The library uses a versioned format for all hashes: ``` $VERSION$HASH_VALUE ``` Examples: - `$014$argon2id$v=19$m=65536,t=4,p=3$...` - Argon2id - `$015$2y$12$abcdef...` - bcrypt - `$002$a665a45920422f9d417e4867efdc4fb8a04a1f3fff1fa07e998e86f7f7a27ae3` - SHA256 Performance Guidelines ---------------------- [](#performance-guidelines) ### Password Hashing [](#password-hashing) - **High Security**: Argon2id with 128MB+ memory - **Balanced**: Default `createSecure()` settings (64MB, 4 iterations) - **Fast**: bcrypt with cost 12 ### Checksums [](#checksums) - **Ultra Fast**: xxh64, xxh3 - **Standard**: crc32, crc32c - **Cryptographic**: sha256, sha512 Error Handling -------------- [](#error-handling) ``` try { $hash = VersionedHasher::create('data', 'unsupported_algo'); } catch (Exception $e) { echo "Error: " . $e->getMessage(); } // Check algorithm support before use if (VersionedHasher::isAlgorithmSupported('argon2id')) { $hash = VersionedHasher::create('data', 'argon2id'); } ``` Requirements ------------ [](#requirements) - PHP 7.4+ - Hash extension (usually included) - For Argon2: PHP 7.2+ with password\_hash Argon2 support - For scrypt: libsodium or hash extension with scrypt support Security Notes -------------- [](#security-notes) ⚠️ **Important Security Considerations:** 1. **Never use fast checksums for passwords** (xxh\*, crc32, md5) 2. **Upgrade legacy hashes** regularly using `needsRehash()` 3. **Use secure algorithms** for sensitive data 4. **Monitor algorithm recommendations** as security standards evolve 5. **Test algorithm availability** in your environment License ------- [](#license) MIT License - see LICENSE file for details. Contributing ------------ [](#contributing) 1. Fork the repository 2. Create feature branch 3. Add tests for new functionality 4. Submit pull request Support ------- [](#support) For issues and questions: - GitHub Issues: \[repository-url\] - Documentation: \[docs-url\] ### Health Score 37 — LowBetter than 83% of packages Maintenance54 Moderate activity, may be stable Popularity19 Limited adoption so far Community9 Small or concentrated contributor base Maturity54 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~191 days Total 4 Last Release 321d ago Major Versions 1.0.2 → 2.0.02025-07-01 PHP version history (2 changes)1.0.1PHP >=8.0 1.0.2PHP >=8.1 ### Community Maintainers ![](https://www.gravatar.com/avatar/b71301619d71d2798d3a84f23de616ac1f1c185ab72e4f03e925cff169b03a0d?d=identicon)[krzysztofzylka](/maintainers/krzysztofzylka) --- Top Contributors [![krzysztofzylka](https://avatars.githubusercontent.com/u/41385342?v=4)](https://github.com/krzysztofzylka "krzysztofzylka (6 commits)") --- Tags securitycryptohashversionedpbkdf2argon2 ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/krzysztofzylka-hash/health.svg) ``` [![Health](https://phpackages.com/badges/krzysztofzylka-hash/health.svg)](https://phpackages.com/packages/krzysztofzylka-hash) ``` ### Alternatives [phpseclib/phpseclib PHP Secure Communications Library - Pure-PHP implementations of RSA, AES, SSH2, SFTP, X.509 etc. 5.6k434.8M1.3k](/packages/phpseclib-phpseclib)[defuse/php-encryption Secure PHP Encryption Library 3.9k162.4M214](/packages/defuse-php-encryption)[ayesh/stateless-csrf Secret-key based state-less CSRF token generator and validator for PHP 8. State-less means you do not have to store the CSRF token in session or database. 3223.3k](/packages/ayesh-stateless-csrf) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)