PHP documentation page says password_hash() returns the algorithm, cost and salt as part of the returned hash. I'm assuming cost implies the maximum time to execute the comparison so that password_verify() can return a constant time despite the number of matches. Is this the case?

CodePudding user response：

No. password_verify will need to repeat the same hash as password_hash, and for that it needs to use the same parameters as password_hash used to create the hash. Those parameters are all embedded into the hash, cost being one of those parameters. Cost determines how slow the hash should be, usually by repeating the hashing, but the exact meaning can differ between different hashing algorithms.

password_verify also does a constant-time comparison of the two hashes to avoid timing attacks; this is maybe what you confused the notion with. Usually when comparing two strings for equality, you can stop comparing as soon as you find a difference. This may give an attacker some information by trying different passwords and looking at the different times it takes to compare their hashes. A constant-time comparison ensures to always compare the entire string, taking the same amount of time every time.

CodePudding user response：

password_verify returns in what’s known as length constant time, making it immune to timing attacks.

Timing attacks across the open internet are difficult if not often impossible due to the large natural variability of request times. Local networks and shared data centers are more susceptible. Even then it has to be a pretty targeted attack and a decent rate limiter will prevent most.