wp_fast_hash()
Returns a cryptographically secure hash of a message using a fast generic hash function.
Use the wp_verify_fast_hash() function to verify the hash.
This function does not salt the value prior to being hashed, therefore input to this function must originate from a random generator with sufficiently high entropy, preferably greater than 128 bits. This function is used internally in WordPress to hash security keys and application passwords which are generated with high entropy.
Important:
- This function must not be used for hashing user-generated passwords. Use wp_hash_password() for that.
- This function must not be used for hashing other low-entropy input. Use wp_hash() for that.
The BLAKE2b algorithm is used by Sodium to hash the message.
No Hooks.
Returns
String. The hash of the message.
Usage
wp_fast_hash( string $message ): string;
- string $message(required)
.
It has the attribute
#[\SensitiveParameter], which hides the value of the parameter from logs. It is used to protect sensitive data (for example, passwords). Documentation.
Changelog
| Since 6.8.0 | Introduced. |
wp_fast_hash() wp fast hash code WP 6.8.1
function wp_fast_hash(
#[\SensitiveParameter]
string $message
): string {
$hashed = sodium_crypto_generichash( $message, 'wp_fast_hash_6.8+', 30 );
return '$generic$' . sodium_bin2base64( $hashed, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING );
}