I am wondering about how password_verify() verifies the hash, I have reviewed the documentation and many answers in StackOverflow, but I didn’t get the idea
because, as I understood, this function will compare the hash with entered password after hashing it again, and use the same salt and cost and algorithm,
but the question here: if anyone can separate the salt from the hashed password, then anybody also can try to use rehash and try to match, and the salt will be useless here. Am I right, or what?