wp_verify_fast_hash() │ WP 6.8.0

Checks whether a plaintext message matches the hashed value. Used to verify values hashed via wp_fast_hash().

The function uses Sodium to hash the message and compare it to the hashed value. If the hash is not a generic hash, the hash is treated as a phpass portable hash in order to provide backward compatibility for passwords and security keys which were hashed using phpass prior to WordPress 6.8.0.

No Hooks.

Returns

true|false. Whether the message matches the hashed message.

Usage

wp_verify_fast_hash( string $message, $hash ): bool;

string $message(required)

.

It has the attribute #[\SensitiveParameter], which hides the value of the parameter from logs. It is used to protect sensitive data (for example, passwords). Documentation.

$hash(string) (required)

Hash of the message to check against.

Changelog

wp_verify_fast_hash() wp verify fast hash code ^{WP 6.8.1}

function wp_verify_fast_hash(
	#[\SensitiveParameter]
	string $message,
	string $hash
): bool {
	if ( ! str_starts_with( $hash, '$generic$' ) ) {
		// Back-compat for old phpass hashes.
		require_once ABSPATH . WPINC . '/class-phpass.php';
		return ( new PasswordHash( 8, true ) )->CheckPassword( $message, $hash );
	}

	return hash_equals( $hash, wp_fast_hash( $message ) );
}