Skip to main content
CTF Support
Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage
  1. CTF Support
  2. /
  3. Web Exploitation
  4. /
  5. PHP
  6. /
  7. Methods
Edit page

Methods

password_hash()

When using PASSWORD_BCRYPT (default since PHP 5.5.0), passwords are limited to 72 bytes. Anything longer is silently truncated, this can weaken brute-force complexity or comparison logic.

Example behavior:

var_dump(password_hash(str_repeat("A",80), PASSWORD_BCRYPT));

This will return the hash for 72 A’s.