I'm wondering: if two users in the database have the same password, password_hash() will create two different hashes, is that right? And if so, how does it do it?
And how does password_verify() work when there are two passwords that are exactly the same? I'm trying to understand the workings behind this one.

Mizugorou

- You can check this yourself - hash a password and run it twice, see what it outputs. – Nigel Ren May 18 '21 at 12:03
- Yes, I know what the output is. I want to know how the function generates different hashes when it's the same password with two different users. – Mizugorou May 18 '21 at 12:04
- The difference is created because salt is used. https://en.wikipedia.org/wiki/Salt_(cryptography) – Chris Haas May 18 '21 at 12:07
- @ChrisHaas so if I understand correctly, each salt is different with every user even if it's the same password? – Mizugorou May 18 '21 at 12:12
- There is a lot more information in https://stackoverflow.com/questions/30279321/how-to-use-phps-password-hash-to-hash-and-verify-passwords. – Nigel Ren May 18 '21 at 12:15
- Yes, it is randomly generated and you can even see the salt in the password string itself – Chris Haas May 18 '21 at 12:16
- Does this answer your question? [How to use PHP's password_hash to hash and verify passwords](https://stackoverflow.com/questions/30279321/how-to-use-phps-password-hash-to-hash-and-verify-passwords) – Cheshire Cat May 18 '21 at 15:12
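
The salt behaviour discussed in the comments above, as an added example that is not part of the original thread: the same password is hashed for two users, the salt is read back out of each stored bcrypt string, and verification is shown as re-hashing with the stored settings. The user names, the sample password and the helper `bcrypt_parts()` are constructed for illustration, and `PASSWORD_BCRYPT` is chosen explicitly so the string layout is known.

```php
<?php
// Added example: user names and password below are constructed sample values.
$password = 'correct horse battery staple';

// Same password hashed once per user. Each call draws a fresh random salt,
// so the two stored strings differ even though the input is identical.
$stored = [
    'alice' => password_hash($password, PASSWORD_BCRYPT),
    'bob'   => password_hash($password, PASSWORD_BCRYPT),
];

// Hypothetical helper: split "$2y$<cost>$<22-char salt><31-char digest>".
function bcrypt_parts(string $hash): array
{
    $re = '/^\$(2[abxy])\$(\d{2})\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})$/';
    if (!preg_match($re, $hash, $m)) {
        throw new InvalidArgumentException('not a bcrypt hash');
    }
    return ['variant' => $m[1], 'cost' => (int) $m[2],
            'salt' => $m[3], 'digest' => $m[4]];
}

foreach ($stored as $user => $hash) {
    $p = bcrypt_parts($hash);
    printf("%-5s cost=%d salt=%s digest=%s\n",
        $user, $p['cost'], $p['salt'], $p['digest']);
}

printf("stored strings identical: %s\n",
    var_export($stored['alice'] === $stored['bob'], true));

foreach ($stored as $user => $hash) {
    // password_verify() needs no separate salt column: it reads the
    // algorithm, cost and salt from the stored string itself.
    printf("%-5s verify correct: %s, verify wrong: %s\n", $user,
        var_export(password_verify($password, $hash), true),
        var_export(password_verify('wrong guess', $hash), true));

    // What that amounts to: re-hash the candidate with the stored settings
    // (crypt() takes them from $hash) and compare in constant time.
    $recomputed = crypt($password, $hash);
    printf("%-5s re-hash matches stored: %s\n", $user,
        var_export(hash_equals($hash, $recomputed), true));
}
```

Because the salt travels inside the stored string, only that one string needs to be saved per user, and two users sharing a password cannot be spotted by comparing their database rows.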