README

Password hashing contract and default implementation backed by PHP's native password API.

Use this package when application code should depend on a small password-hashing abstraction instead of calling password_hash() and password_verify() directly.

Installation

composer require componenta/password

Related Packages

Usage

use Componenta\Stdlib\PasswordHasher;

$hasher = new PasswordHasher(options: ['cost' => 12]);

$hash = $hasher->hash('secret');

$hasher->verify('secret', $hash); // true
$hasher->needsRehash($hash);      // false when algorithm/options still match

Contract

PasswordHasherInterface exposes:

• hash(string $password): string
• verify(string $password, string $hash): bool

The default PasswordHasher additionally exposes needsRehash(string $hash): bool so applications can migrate stored hashes when algorithm options change.

Configuration

The constructor accepts:

• algorithm: passed to PHP's password API
• options: passed to password_hash() and password_needs_rehash()

Keep policy decisions such as minimum password length and breach checks in validation/application code. This package only hashes and verifies already accepted password strings.