50 changes: 21 additions & 29 deletions reference/password/functions/password-hash.xml
Expand Up @@ -29,14 +29,14 @@
Note that this constant is designed to change over time as new and stronger algorithms are added
to PHP. For that reason, the length of the result from using this identifier can change over
time. Therefore, it is recommended to store the result in a database column that can expand
beyond 60 characters (255 characters would be a good choice).
beyond 60 bytes (255 bytes would be a good choice).
</simpara>
</listitem>
<listitem>
<simpara>
<constant>PASSWORD_BCRYPT</constant> - Use the bcrypt algorithm to
create the hash. This will produce a standard <function>crypt</function> compatible hash using
the <literal>$2y$</literal> identifier. The result will always be a 60 character string, &return.falseforfailure;.
the <literal>$2y$</literal> identifier.
</simpara>
</listitem>
<listitem>
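Review bot: Dropping "The result will always be a 60 character string" from the PASSWORD_BCRYPT item loses the one place that says where the "60 bytes" figure in the PASSWORD_DEFAULT item comes from; keep the length statement (rephrased in bytes for consistency with the new wording above) even though the "&return.falseforfailure;" part is being removed, e.g. "The result will always be a 60 byte string." Changing "characters" to "bytes" for the column-width advice is the right call, since the advice is about storage width.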
Expand Down Expand Up @@ -82,7 +82,7 @@
</para>
<para>
If omitted, a default value of <literal>12</literal> will be used. This is a good
baseline cost, but you may want to consider adjusting it depending on your hardware.
baseline cost, but it should be adjusted depending on hardware used.
</para>
</listitem>
</itemizedlist>
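Review bot: The new sentence "it should be adjusted depending on hardware used" is missing an article; suggest "it should be adjusted depending on the hardware used." It would also help readers to point at the cost-benchmarking example further down, since that is what "adjusted" means in practice.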
Expand Down Expand Up @@ -255,13 +255,6 @@
<programlisting role="php">
<![CDATA[
<?php
/**
* We just want to hash our password using the current DEFAULT algorithm.
* This is presently BCRYPT, and will produce a 60 character result.
*
* Beware that DEFAULT may change over time, so you would want to prepare
* By allowing your storage to expand past 60 characters (255 would be good)
*/
echo password_hash("rasmuslerdorf", PASSWORD_DEFAULT);
?>
]]>
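Review bot: Removing the whole docblock leaves the first example with no explanation at all, and the reader loses the hint that PASSWORD_DEFAULT currently resolves to bcrypt; a single comment such as "// Hash with the current default algorithm (storage should allow for longer results than 60 bytes)." would preserve the useful part without repeating the stale "60 character" wording that the parameter description already corrects.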
Expand All @@ -280,10 +273,8 @@ $2y$12$4Umg0rCJwMswRw/l.SwHvuQV01coP0eWmGzd61QH2RvAOMANUBGC.
<programlisting role="php">
<![CDATA[
<?php
/**
* In this case, we want to increase the cost for bcrypt to 13.
*/
$options = [
// Increase the bcrypt cost from 12 to 13.
'cost' => 13,
];
echo password_hash("rasmuslerdorf", PASSWORD_BCRYPT, $options);
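Review bot: The new inline comment "Increase the bcrypt cost from 12 to 13." hard-codes the current default, so it goes stale the next time the default changes; suggest "// Raise the bcrypt cost above the default." and let the parameter description be the single place that states the default value.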
Expand All @@ -301,16 +292,17 @@ $2y$13$xeDfQumlmdm0Sco.4qmH1OGfUUmOcuRmfae0dPJhjX1Bq0yYhqbNi
<para>
<example>
<title><function>password_hash</function> example finding a good cost</title>
<simpara>
This code will benchmark the machine to determine how high of a cost can be used
without deteriorating user experience. It is recommended to set the highest cost
that does not slow down other operations the machine needs to perform. 11 is a
good baseline, and more is better if the machine is fast enough. The code below
aims for ≤ 350 milliseconds stretching time, which is an appropriate delay for
systems handling interactive logins.
</simpara>
<programlisting role="php">
<![CDATA[
<?php
/**
* This code will benchmark your server to determine how high of a cost you can
* afford. You want to set the highest cost that you can without slowing down
* you server too much. 11 is a good baseline, and more is good if your servers
* are fast enough. The code below aims for ≤ 350 milliseconds stretching time,
* which is an appropriate delay for systems handling interactive logins.
*/
$timeTarget = 0.350; // 350 milliseconds

$cost = 11;
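Review bot: The moved text still says "11 is a good baseline" and the code starts at "$cost = 11;", while the earlier hunk in this same change states the default cost is 12; either update the prose and starting value to 12 or say explicitly that the loop starts below the default so the benchmark can confirm the default is affordable. Also "how high of a cost can be used" reads better as "how high a cost can be used."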
Expand Down Expand Up @@ -357,21 +349,21 @@ Argon2i hash: $argon2i$v=19$m=1024,t=2,p=2$YzJBSzV4TUhkMzc3d3laeg$zqU/1IN0/AogfP
&reftitle.notes;
<caution>
<para>
It is strongly recommended that you do not generate your own salt for this
function. It will create a secure salt automatically for you if you do
not specify one.
It is strongly recommended not to provide an explicit salt for this function.
A secure salt will automatically be created if no salt is specified.
</para>
<para>
As noted above, providing the <literal>salt</literal> option in PHP 7.0
will generate a deprecation warning. Support for providing a salt manually
has been removed in PHP 8.0.
As noted above, providing the <literal>salt</literal> option in PHP 7.0.0
will generate a deprecation warning. Support for providing a salt explicitly
has been removed in PHP 8.0.0.
</para>
</caution>
<note>
<para>
It is recommended that you test this function on your servers, and adjust the cost parameter
so that execution of the function takes less than 350 milliseconds on interactive systems.
The script in the above example will help you choose a good cost value for your hardware.
It is recommended to test this function on the machine used, adjusting the cost parameter(s)
so that execution of the function takes less than 350 milliseconds for interactive logins.
The script in the above example will help choosing an appropriate bcrypt cost for the given
machine.
</para>
</note>
<note>
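Review bot: "will help choosing an appropriate bcrypt cost" is ungrammatical; suggest "will help choose an appropriate bcrypt cost for the given machine." The "7.0.0" and "8.0.0" version forms match the rest of the manual, and "cost parameter(s)" is a sensible change since the Argon2 algorithms take several cost-related options.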