Using this function is the proper way to hash a password. Using naïve methods such as sha1 or md5, as is done in many web applications, is improper due to the lack of a cryptographically strong salt. Using `lithium\security\Password::hash()` ensures that: - Two identical passwords will never use the same salt, thus never resulting in the same hash; this prevents a potential attacker from compromising user accounts by using a database of most commonly used passwords. - The salt generator's count iterator can be increased within Lithium or your application as computer hardware becomes faster; this results in slower hash generation, without invalidating existing passwords. Usage: {{{ // Hash a password before storing it: $hashed = Password::hash($password); // Check a password by comparing it to its hashed value: $check = Password::check($password, $hashed); // Use a stronger custom salt: $salt = Password::salt('bf', 16); // 2^16 iterations $hashed = Password::hash($password, $salt); // Very slow $check = Password::check($password, $hashed); // Very slow // Forward/backward compatibility $salt1 = Password::salt('bf', 6); $salt2 = Password::salt('bf', 12); $hashed1 = Password::hash($password, $salt1); // Fast $hashed2 = Password::hash($password, $salt2); // Slow $check1 = Password::check($password, $hashed1); // True $check2 = Password::check($password, $hashed2); // True }}}