
PHP: Does password_hash() check if the hash genera

Posted 2019-09-22 09:16

Question:

Simple question because I did not find a really helping answer on Google: Does the password_hash() function also check if there is already such a hash generated, for instance in the userdata file? I basically get what the function is doing, but I am fairly new to PHP, so I was not really able to see if the password is checked for uniqueness.

Please be gentle on this noob question right here. I simply want to understand what I am using right there, and not only do it because my exercise sheet at university tells me so.

Answer 1:

No.

Two reasons:

  • The function will not know anything about "other" passwords.
  • You don't want this. What will you do if you hit a duplicate? Tell the user? He will then know someone's password.


Answer 2:

The password_hash() function is designed in a way that duplicates are extremely unlikely, so from the view of a developer, it is of no concern that two hashes could theoretically be the same.

Because of the properties of the password_hash() function and because it generates a random salt for each password...

  1. the chance that the function generates a duplicate is incredibly small; even if two users use the same password, the function would generate different hashes
  2. one cannot search for the hash anyway, you need another search key like the username, so a duplicate wouldn't be a problem either.
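
The behaviour described in this answer, as an added example that is not part of the original answers: two users register with the same password, receive different hashes because of the per-call random salt, and are each verified after a lookup by username. The `$users` array, the `register()` and `login()` helpers, and the usernames and passwords are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed in-memory user store for illustration: username => stored hash.
// A real application would keep this in a database with a UNIQUE username column.
$users = [];

function register(array &$users, string $username, string $password): bool
{
    if (isset($users[$username])) {
        return false; // uniqueness is enforced on the username, never on the hash
    }
    // password_hash() generates a fresh random salt on every call and
    // embeds it, with the algorithm and cost, in the returned string.
    $users[$username] = password_hash($password, PASSWORD_DEFAULT);
    return true;
}

function login(array &$users, string $username, string $password): bool
{
    // Look the record up by username; the hash is never used as a search key.
    if (!isset($users[$username])) {
        return false;
    }
    // password_verify() reads the salt back out of the stored hash.
    if (!password_verify($password, $users[$username])) {
        return false;
    }
    // Re-hash if the default algorithm or cost changed since this hash was made.
    if (password_needs_rehash($users[$username], PASSWORD_DEFAULT)) {
        $users[$username] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

// Two constructed users pick the same password.
register($users, 'alice', 'correct horse battery staple');
register($users, 'bob', 'correct horse battery staple');

var_dump($users['alice'] === $users['bob']); // compares the two stored hashes
var_dump(login($users, 'alice', 'correct horse battery staple'));
var_dump(login($users, 'bob', 'correct horse battery staple'));
var_dump(login($users, 'bob', 'wrong password'));
var_dump(register($users, 'alice', 'another password')); // duplicate username
```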


Answer 3:

No, it does not check for uniqueness.