/** * Returns a $representation of the hashed password, using the * accountName as the salt. The salt helps to prevent against "rainbow" * table attacks where the attacker pre-calculates hashes for known strings. * This method specifies the use of the user's account name as the "salt" * value. The Encryptor.hash method can be used if a different salt is * required. * * @param password * the password to hash * @param accountName * the account name to use as the salt * * @return * the hashed password */ function hashPassword($password, $accountName) { $salt = strtolower($accountName); return ESAPI::getEncryptor()->hash($password, $salt); }