All geek questions in one place

Laravel 4 - Hashing the same password gives different values

I try to authenticate a user using the Auth::attempt() method and it continues to fail, so I ended up with the following code:

 $arr = array(); $arr['verified'] = Hash::make('1234') . ' ; ' . Hash::make('1234'); return json_encode($arr);

and this is the result:

 {"verified":"$2y$10$V4yXBUcxealfLrzOE\/xAD.sJ8qpNhrMA6K6dENBBXYqaVx1zSETgy ; $2y$10$C9xpOWLTUyfy1KL.Y3Tot.KWADmQYFK\/HAf6uZGGXTKcVh52qHS4m"}

As you can see, the first hash gives $2y$10$V4yXBUcxealfLrzOE\/xAD.sJ8qpNhrMA6K6dENBBXYqaVx1zSETgy , and the second hash gives $2y$10$C9xpOWLTUyfy1KL.Y3Tot.KWADmQYFK\/HAf6uZGGXTKcVh52qHS4m

This should have nothing to do with the database, although during storage I have a password field of 60 characters.

Any ideas?

+6
source share
1 answer

This is great, as well as how it should work. Laravel uses Bcrypt for Hashing and therefore generates random salt during the hash process. Salt will be part of the hash, so you get two different results.

The self-learning algorithm automatically considers salt. This method makes using rainbow tables virtually impossible.

This is not a mistake, this is extra security without effort.

Given that your example with both of your hashes will return true:

 <?php $hash1 = Hash::make('1234'); // A hash is generated $hash2 = Hash::make('1234'); // Another hash is generated that differs from the first one var_dump(Hash::check('1234', $hash1) && Hash::check('1234', $hash2));

Despite the fact that $hash1 and $hash2 contain different hashes, it is very important for them that this base line be evaluated as true.

The generated hash is 60 characters long. Therefore, make sure that the column in which the hash is stored has a minimum size of 60 characters

+25
source

Source: https://habr.com/ru/post/971272/

More articles:


All Articles