2

I have a technical question regarding password_hash() & password_verify().

If I run a sample password through password_hash() many times, I get a different result each time. I guess that’s a Good Thing.

The question is how does password_verify() actually verify the candidate password if the actual hash keeps changing?

I ask this question here because it is PHP related.

For those who think this question is a duplicate:

This question is not a duplicated of the linked questions. I am aware that the value changes, and that password_verify_ works with that.

It is a question of how that happens.

Manngo
  • 14,066
  • 10
  • 88
  • 110
  • @Machavity: this is _not_ a duplicate. – Manngo Jun 20 '17 at 03:26
  • It is a duplicate. There's a ton of answers out there on this https://stackoverflow.com/questions/25167132/how-does-password-hash-really-work – Machavity Jun 20 '17 at 03:42
  • @Machavity No, the linked question doesn’t explain how `password_verify` works its magic. Neither do the other linked questions. I did read them. – Manngo Jun 20 '17 at 04:27

1 Answers1

1

As noted on the manual page for the password_hash() function,

The used algorithm, cost and salt are returned as part of the hash. Therefore, all information that's needed to verify the hash is included in it. This allows the password_verify() function to verify the hash without needing separate storage for the salt or algorithm information.

When the same inputs - algorithm, cost, salt and password - are fed into the password calculation, the same output will be generated. Thus, the password_verify() takes the algorithm, cost and salt from the original calculation, generates a new hash using the password being tested, and compares the previous result with the newly generated one. If they match, the verification succeeds, otherwise it's an error.

FKEinternet
  • 1,050
  • 1
  • 11
  • 20
  • A better example would be http://php.net/manual/en/faq.passwords.php. Then include the breakdown, http://php.net/manual/en/images/2a34c7f2e658f6ae74f3869f2aa5886f-crypt-text-rendered.svg. – chris85 Jun 20 '17 at 02:58
  • @chris85 the OP asked how `password_verify()` can verify the candidate password, not for an example. – FKEinternet Jun 20 '17 at 03:00
  • ? Yea... this is how `password_hash` stores the password and because of the format how `password_verify` can compare it... (which is what your quote says). – chris85 Jun 20 '17 at 03:03
  • This is the correct answer, I just want to point out that the salt is the part which is different for multiple subsequent hashes of the same value, resulting in the uniqueness for each hash. The algorithm and cost don't usually change. In fact, 7.2 will be the first time that the algorithm changes for `password_hash` using `PASSWORD_DEFAULT` – Scopey Jun 20 '17 at 03:07
  • @FKEinternet I have already read the link, and I understand that it’s self-contained. I have amended the question to how _does_ it verify? I was wondering how it does its job. – Manngo Jun 20 '17 at 03:16
  • @chris85 I have read your linked reference. Am I correct in understanding that `password_verify` uses the included salt to rehash the password and then compares it with the rest? That is, the hash changes, and so does the salt to match it. – Manngo Jun 20 '17 at 03:18
  • @Manngo A new salt is generated on every run, then the hash is generated by combining salt and password. You can have a look here, https://github.com/ircmaxell/password_compat/blob/master/lib/password.php if you want to get deep into it. – chris85 Jun 20 '17 at 03:20
  • @chris85 Then that’s the answer I was looking for. Would you care to turn that into an answer? – Manngo Jun 20 '17 at 03:28
  • @Manngo Can't answer a closed question. The dups roughly say what I've said though. – chris85 Jun 20 '17 at 03:31
  • Password hashing goes like this; Take the user input. Generate a random **salt** to add extra entropy to the password ensuring a unique hash for repeated values. With a specific **algorithm**, mangle the password in a way that cannot be reversed - this method has a measurable processing time / **cost** that can be specified. Return the hash appended to the salt, algorithm and cost used to generate the hash. Verifying repeats the same process using the salt, algorithm and cost from the given hash, and compares the two hashes. – Scopey Jun 20 '17 at 03:32
  • @Manngo please note the edits of my answer – FKEinternet Jun 20 '17 at 03:33