NativePasswordHasher wraps PHP's native password API behind PasswordHasherInterface.
$hasher = new NativePasswordHasher();
$hash = $hasher->hash($password);By default the hasher uses PASSWORD_DEFAULT.
if (!$hasher->verify($submittedPassword, $storedHash)) {
// Invalid credentials.
}An empty stored hash returns false.
if ($hasher->needsRehash($storedHash)) {
$storedHash = $hasher->hash($submittedPassword);
}Use this after successful verification to move old hashes to the current algorithm or options.
$hasher = new NativePasswordHasher(PASSWORD_BCRYPT, ['cost' => 12]);Invalid algorithms or option errors are wrapped in PasswordHashException.