WordPress.org
Get WordPress
WordPress.org

WordPress Developer Resources

wp_verify_fast_hash()

wp_verify_fast_hash( string $message, string $hash ): bool

In this article

Back to top

Checks whether a plaintext message matches the hashed value. Used to verify values hashed via wp_fast_hash() .

Description

The function uses Sodium to hash the message and compare it to the hashed value. If the hash is not a generic hash, the hash is treated as a phpass portable hash in order to provide backward compatibility for passwords and security keys which were hashed using phpass prior to WordPress 6.8.0.

Parameters

$messagestringrequired
The plaintext message.
$hashstringrequired
Hash of the message to check against.

Return

bool Whether the message matches the hashed message.

Source

function wp_verify_fast_hash(
	#[\SensitiveParameter]
	string $message,
	string $hash
): bool {
	if ( ! str_starts_with( $hash, '$generic$' ) ) {
		// Back-compat for old phpass hashes.
		require_once ABSPATH . WPINC . '/class-phpass.php';
		return ( new PasswordHash( 8, true ) )->CheckPassword( $message, $hash );
	}

	return hash_equals( $hash, wp_fast_hash( $message ) );
}

View all references View on Trac View on GitHub

UsesDescription
wp_fast_hash()wp-includes/functions.php

Returns a cryptographically secure hash of a message using a fast generic hash function.

Used byDescription
WP_Application_Passwords::check_password()wp-includes/class-wp-application-passwords.php

Checks a plaintext application password against a hashed password.

WP_Recovery_Mode_Key_Service::validate_recovery_mode_key()wp-includes/class-wp-recovery-mode-key-service.php

Verifies if the recovery mode key is correct.

wp_validate_user_request_key()wp-includes/user.php

Validates a user request by comparing the key with the request’s key.

check_password_reset_key()wp-includes/user.php

Retrieves a user row based on password reset key and login.

Changelog

VersionDescription
6.8.0Introduced.

User Contributed Notes

You must log in before being able to contribute a note or feedback.