Summery Summery

Do we need to rehash this password?

Syntax Syntax

ParagonIE_Sodium_Compat::crypto_pwhash_str_needs_rehash( string $hash, int $opslimit, int $memlimit )

Parameters Parameters


(string) (Required)


(int) (Required)


(int) (Required)

Return Return


Source Source

File: wp-includes/sodium_compat/src/Compat.php

    public static function crypto_pwhash_str_needs_rehash($hash, $opslimit, $memlimit)
        ParagonIE_Sodium_Core_Util::declareScalarType($hash, 'string', 1);
        ParagonIE_Sodium_Core_Util::declareScalarType($opslimit, 'int', 2);
        ParagonIE_Sodium_Core_Util::declareScalarType($memlimit, 'int', 3);

        // Just grab the first 4 pieces.
        $pieces = explode('$', (string) $hash);
        $prefix = implode('$', array_slice($pieces, 0, 4));

        // Rebuild the expected header.
        /** @var int $ops */
        $ops = (int) $opslimit;
        /** @var int $mem */
        $mem = (int) $memlimit >> 10;
        $encoded = self::CRYPTO_PWHASH_STRPREFIX . 'v=19$m=' . $mem . ',t=' . $ops . ',p=1';

        // Do they match? If so, we don't need to rehash, so return false.
        return !ParagonIE_Sodium_Core_Util::hashEquals($encoded, $prefix);



Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.