For the bcrypt version of the password hash: bcrypt has a fixed-length salt value. The crypt function that PHP calls internally when you use password_hash() / password_verify() with the default algorithm has a 16-byte salt. This is given as 22 characters of the base64 alphabet A-Za-z/. and is then decoded into bytes. Since 22 B64 characters encode 16.5 bytes, there is an extra piece of data that is not taken into account.
For all other hashes, the salt value is a certain set of bytes, which are of course encoded in ASCII-safe b64 and placed after the $ sign. The checking function then only has to split the string into parts on the $ separator, go to the third set of characters, and take substr(0, B64_ENCODED_HASH_ALGORITHM_SALT_LEN). After that, it passes the parameters obtained from the split string back to the password_hash function, along with the password to verify.
The string it gives you is determined by the hash algorithm standard in most cases, but it almost always follows a template like this:
$<ALGORITHM_ID>$<COST_IN_FORMAT>$<BASE64_ENCODED_SALT><BASE64_ENCODED_HASH>$
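The split-and-recompute check described in the answer above, written out for the bcrypt case as an added example (not part of the original answer). The helper names split_bcrypt and manual_verify are hypothetical, and the recomputation goes through crypt() because password_hash() in PHP 8 no longer accepts a caller-supplied salt; real code should simply call password_verify().

```php
<?php
// Added illustration: takes a bcrypt string apart and re-derives it by hand.

function split_bcrypt(string $hash): array
{
    // "$2y$10$<22 salt chars><31 digest chars>" explodes into
    // ['', '2y', '10', '<53 chars>'] because the string starts with '$'.
    $parts = explode('$', $hash);
    if (count($parts) !== 4 || $parts[0] !== '' || strlen($parts[3]) !== 53) {
        throw new InvalidArgumentException('not a bcrypt hash string');
    }
    return [
        'id'     => $parts[1],                 // algorithm identifier
        'cost'   => $parts[2],                 // work factor, two digits
        'salt'   => substr($parts[3], 0, 22),  // fixed-length encoded salt
        'digest' => substr($parts[3], 22),     // remaining 31 characters
    ];
}

function manual_verify(string $password, string $hash): bool
{
    $f = split_bcrypt($hash);

    // Rebuild the prefix (algorithm, cost, salt) and hash the candidate
    // password with exactly the same parameters as the stored hash.
    $setting    = sprintf('$%s$%s$%s', $f['id'], $f['cost'], $f['salt']);
    $recomputed = crypt($password, $setting);

    // Compare in constant time so the check does not leak how many
    // leading characters matched.
    return hash_equals($hash, $recomputed);
}

// Constructed sample password; the hash is generated at run time.
$password = 'correct horse battery staple';
$hash     = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);

print_r(split_bcrypt($hash));
var_dump(manual_verify($password, $hash));      // candidate matches
var_dump(manual_verify('wrong guess', $hash));  // candidate does not match
```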