All geek questions in one place

Bcrypt vs hash in laravel

I want to create a function or something like Cron that executes a link (in Laravel), with something like a password. I have two solutions. But which one is better to use:

Option 1 (hash):

<?php // Page 1 $salt = "my-random-hash"; $key = hash('sha256', date('Ym-d').$salt); // <-- Insert go to page and send GET with $key code here // Page 2 $salt = "my-random-hash"; $key = hash('sha256', date('Ym-d').$salt); if ($key == $pageOneKey) { // Execute some code }

Option 2 (bcrypt):

 <?php // Page 1 $key = Crypt::encrypt(date('Ym-d')); // <-- Insert go to page and send GET with $key code here // Page 2 $key = date('Ym-d'); $pageOneKey = Crypt::decrypt($key); if ($key == $pageOneKey) { // Execute some code }

This code has been described in a broad sense. With better to use, I mean safer / safer or something in this trance. Thanks!

+7
source share
2 answers

The second option is not bcrypt. The Laravel Crypt class uses AES encryption.
As stated in the documentation :

Laravel provides strong AES encryption capabilities through the Mcrypt PHP extension.

As far as I can tell, you don’t need to decrypt the data to cancel the encryption. Therefore, you should definitely use a hash algorithm, for example sha256, in your first option. However, Laravel ships with a pretty good hash class, so why not use this.

Option 3 (Laravel Hash , Bcrypt)

 $hash = Hash::make('secret'); $input = 'secret'; if(Hash::check($input, $hash)){ // the input matches the secret }

Note that you should use Hash::check() for comparison. You cannot just create another hash with Hash::make() and compare them. The generated hash contains a random component, so even if it has the same secret, Hash::make() will produce every hash every time.

Hashing - Laravel Docs

+10
source

If you do not need to decrypt the key for future use, the first option is better.

If you need to return the key after encrypting it, the second option would be better.

+1
source

Source: https://habr.com/ru/post/983424/

More articles:


All Articles