CDN.uz Tools
Password Hash Generator & Verifier

Generate Password Hash

PHP 8.3.24
Use a strong passphrase. We don’t store anything.
Tracks PHP’s best default (may change across versions).
Battle‑tested, adjustable cost.
Memory‑hard password hashing.
Recommended variant in many setups.
cost
Higher cost = slower & stronger (typical 10–12).
memory (KiB)
E.g., 4096 (4 MiB), 65536 (64 MiB).
time
threads
Store only the hash in your database. Never store the plain password.

Verify Password Against Hash

Tip: If verification succeeds but password_needs_rehash() returns true, update the stored hash with a fresh one using current defaults.

Best Practices

  • Use password_hash() + password_verify(). Don’t roll your own crypto.
  • Prefer PASSWORD_DEFAULT; it follows PHP’s secure default over time.
  • Never store plain passwords or static salts.
  • Rate‑limit login attempts and use HTTPS.