0

I created a user and gave him the password 'secret'. The hash that was generated by the registration process is

$10$TKh8H1.PfQx37YgCzwiKb.KjNyWgaHb9cbcoQgdIVFlYg7B77UdFm

I wanted to generate it in the code so I used Hash::make('secret') and I got:

$2y$10$Hnbg7DCp2VObns4cbr580uo9VTYgzJF2BSNSpA7S8BYjkAgfUlH.G

Finally, I used bcrypt('secret') and I got:

$2y$10$5g1bhkHB7kRk8SkM3yS/YOifsEesjZ31YeYnRlE.bxSBmZutVCuui

These are all different hashes. How can I generate one that would let me change the password inside my code?

Zbyszek Kisły
  • Please post what you have tried so far. Please take a moment to review the following how-to resources: [How to Ask](https://stackoverflow.com/help/how-to-ask) and [How to create complete examples](https://stackoverflow.com/help/mcve). – Boken Apr 11 '19 at 07:11

4 Answers

1

It's because bcrypt doesn't work as SHA-256, it uses a key that would change the result of the hash itself for the same string. In Laravel, you can use Hash::check('plain-text', $hashedPassword) to check the password, but you will never have the same result for the same password. check here

Julien METRAL
0

You can use bcrypt('secret') and leave it to Laravel and test it (everything is working).

0

It works as intended; bcrypt doesn't always generate the same hash. Laravel's Hash::check() function will return true for any valid hash of the given password.

For more information, look here: https://stackoverflow.com/a/8468936/6622577

Manuel Mannhardt
0

Bcrypt is a more secure password hashing algorithm. Unlike md5() or SHA1(), bcrypt does not always generate the same hashed value for a specific string.

So when you are storing the hashed password in the database you will use

$password = bcrypt($input['password']);

Afterwards, when you wish to check at the time of login, you simply set the plain-text password (as you might be getting it from user input) and run a function called Auth::attempt() to match the password.

$userdata = array(
    'username'      => $input['username'],
    'password'      => $input['password'],
);


if (Auth::attempt($userdata)) {
    // Password matched
}

And if you want to explicitly check the plain-text password corresponding to its hash then use Hash::check() as below:

Hash::check('plain-text-password', 'hashed-password');
Dibyendu Mitra Roy
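An added example, not part of the question or any answer above: plain PHP showing why the hashes in the question differ (each embeds its own random salt) and why verification still succeeds. Laravel's bcrypt hasher is built on the same `password_hash()` / `password_verify()` functions; the helper `bcrypt_parts()` and the value `'new-secret'` are made up for this illustration.

```php
<?php
// Added example (plain PHP, no Laravel needed). bcrypt_parts() is a
// hypothetical helper written for this illustration.

// Split "$2y$<cost>$<22-char salt><31-char digest>"; null if malformed.
function bcrypt_parts(string $hash): ?array
{
    $re = '/^\$(2[abxy])\$(\d{2})\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})$/';
    if (!preg_match($re, $hash, $m)) {
        return null;
    }
    return ['variant' => $m[1], 'cost' => (int) $m[2], 'salt' => $m[3]];
}

// The two complete hashes quoted in the question (single quotes: no $ interpolation).
$fromQuestion = [
    '$2y$10$Hnbg7DCp2VObns4cbr580uo9VTYgzJF2BSNSpA7S8BYjkAgfUlH.G',
    '$2y$10$5g1bhkHB7kRk8SkM3yS/YOifsEesjZ31YeYnRlE.bxSBmZutVCuui',
];
foreach ($fromQuestion as $h) {
    $p = bcrypt_parts($h);
    printf("cost=%d salt=%s\n", $p['cost'], $p['salt']);
}

// Two fresh hashes of the same password: each call draws a new random salt.
$password = 'secret';
$a = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
$b = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
printf("identical strings: %s\n", var_export($a === $b, true));

// Verification re-hashes the candidate with the salt and cost stored in the
// hash and compares in constant time; crypt() shows that step explicitly.
printf("crypt() with stored salt reproduces hash: %s\n",
    var_export(hash_equals($a, crypt($password, $a)), true));
foreach ([$a, $b] as $stored) {
    printf("verify correct=%s wrong=%s\n",
        var_export(password_verify($password, $stored), true),
        var_export(password_verify('Secret', $stored), true));
}

// Changing a password in code: store a fresh hash; never compare hash strings.
$newStored = password_hash('new-secret', PASSWORD_BCRYPT, ['cost' => 10]);
printf("old password still accepted: %s\n",
    var_export(password_verify($password, $newStored), true));
```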