Returns a cryptographically secure hash of a message using a fast generic hash function.
Description
Use the wp_verify_fast_hash() function to verify the hash.
This function does not salt the value prior to being hashed, therefore input to this function must originate from a random generator with sufficiently high entropy, preferably greater than 128 bits. This function is used internally in WordPress to hash security keys and application passwords which are generated with high entropy.
Important:
- This function must not be used for hashing user-generated passwords. Use wp_hash_password() for that.
- This function must not be used for hashing other low-entropy input. Use wp_hash() for that.
The BLAKE2b algorithm is used by Sodium to hash the message.
Parameters
$messagestringrequired- The message to hash.
Source
function wp_fast_hash(
#[\SensitiveParameter]
string $message
): string {
$hashed = sodium_crypto_generichash( $message, 'wp_fast_hash_6.8+', 30 );
return '$generic$' . sodium_bin2base64( $hashed, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING );
}
Changelog
| Version | Description |
|---|---|
| 6.8.0 | Introduced. |
User Contributed Notes
You must log in before being able to contribute a note or feedback.