What is the meaning hash_equals?

Why the recommendation to check two passwords suggest hash_equals?
How is it different from === ?
April 4th 20 at 13:21
2 answers
April 4th 20 at 13:23
Judging by the documentation, then hash_equals not the same as ===to avoid the attack in time. You can read the sourceto see that there are additional internal logic.
Explain please how this is even related or useful?
We have in fact in fact in the function get two values to compare, what else you can do with them is useful, except as just to compare?
As we know something about zloumyshlennika and stolen the key, if these data are not client-side, but only a string with the password.

And again, there is a comparison on a string is a data type or not, even if not a string, but pure numbers, we also compare returns false because of a mismatch of password. - Ardella commented on April 4th 20 at 13:26
@Ardella, validation code, sensitive data should be resistant to reverse engineering and brute force, so it is better to use cryptographic functions where they already exist yazykomi and generally accepted practices. For very simple tasks or tasks unrelated to the important data it may not be necessary. Personally, in my practice, I didn't use it (it was not a task for the context). - myles commented on April 4th 20 at 13:29
April 4th 20 at 13:25
Compactness, readability.

Find more questions by tags PHP