The database has already been created and the hashed password + salt have been stored inside it.

I'm trying to hash the login password; however, I can't get the same hashed password result when I run it in Flutter using the crypto: ^3.0.2 package.

password : Admin1234

salt : ????@???R????k]?????$I"?fmP

algo : SHA-256

results:

PHP/MySQL : d0a09d26a26196c8609d9f8ffd8a671ae0124752eea7bf338ca54f6f7f1b5e3e

Flutter : df2a65dc4abd86afad3a6b0e30ba217fb881c23e259a3072c09480525a79216d

```dart
  void _login() {
    db.getConnection().then((conn) {
      // Bind the email as a parameter instead of interpolating it into the
      // SQL text (assumes a mysql1-style query(sql, values) signature).
      String sql = 'SELECT salt FROM user WHERE email = ?';
      conn.query(sql, [username.text]).then((results) {
        if (results.isNotEmpty) {
          for (var row in results) {
            setState(() {
              salt = row[0];
            });
          }

          // Hash password + salt, as the PHP side does.
          String password = _password.text;
          String salted = password + salt;
          var bytes = Latin1Encoder().convert(salted);
          var digest = sha256.convert(bytes);

          print(digest);
        } else {
          print('login failed');
        }
      });
    });
  }
```

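```php
<?php
class Hash{
    // SHA-256 over the string followed by the salt; returns a hex digest.
    public static function make($string, $salt = ''){
        return hash('sha256', $string . $salt);
    }
    
    // random_bytes() returns raw binary bytes, not printable text.
    public static function salt($length){
        return random_bytes($length);
    }
    
    // Hash of a time-based unique id, with no salt.
    public static function unique(){
        return self::make(uniqid());
    }
}
?>
```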
  • Hashing isn't intended to produce the exact same result every time you hash the same value. Also, though, you didn't show us the PHP code, so it's hard to make any meaningful comparison in the methodologies either. – ADyson Mar 28 '23 at 09:09
  • @ADyson So for a hashed password, how does it work after the password has been hashed for the first time and the result saved in the database? How do I verify the hashed password if the algorithm won't produce the same result? – Muhammad Amiruddin Mar 29 '23 at 01:58
  • In PHP you would use password_verify() - see [How to use PHP's password_hash to hash and verify passwords](https://stackoverflow.com/questions/30279321/how-to-use-phps-password-hash-to-hash-and-verify-passwords) for details. See also [How does password_hash/password_verify in php work?](https://security.stackexchange.com/questions/188137/how-does-password-hash-password-verify-in-php-work) – ADyson Mar 29 '23 at 07:01
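
An added example, not part of the original post or its comments: the PHP class above hashes the password followed by the raw bytes from `random_bytes()`, so one way the two sides can diverge is the salt passing through a text decoder before it is hashed. The sketch below hashes the same password with the salt kept as bytes and with the salt round-tripped through a UTF-8 string, and compares the digests. It assumes `package:crypto`; the salt value and the helper names `saltedSha256` and `constantTimeEquals` are constructed for illustration.

```dart
// Added example (not the asker's code). Assumes package:crypto and that the
// salt can be obtained as raw bytes (e.g. a BLOB column or a hex string).
import 'dart:convert';
import 'dart:typed_data';

import 'package:crypto/crypto.dart';

/// Mirrors PHP's hash('sha256', $string . $salt): password bytes followed by
/// the raw salt bytes, returned as a hex digest.
String saltedSha256(String password, List<int> saltBytes) {
  final input = BytesBuilder()
    ..add(utf8.encode(password))
    ..add(saltBytes);
  return sha256.convert(input.toBytes()).toString();
}

/// Compares two hex digests without stopping at the first differing character.
bool constantTimeEquals(String a, String b) {
  if (a.length != b.length) return false;
  var diff = 0;
  for (var i = 0; i < a.length; i++) {
    diff |= a.codeUnitAt(i) ^ b.codeUnitAt(i);
  }
  return diff == 0;
}

void main() {
  // Constructed 8-byte salt with non-ASCII bytes, the kind random_bytes() returns.
  final salt =
      Uint8List.fromList([0x9f, 0x40, 0xe2, 0x52, 0xff, 0x6b, 0x5d, 0x24]);

  final fromBytes = saltedSha256('Admin1234', salt);

  // Salt passed through a text decoder first: invalid UTF-8 sequences are
  // replaced with U+FFFD, so the bytes that get hashed are no longer the salt.
  final asText = utf8.decode(salt, allowMalformed: true);
  final fromText = saltedSha256('Admin1234', utf8.encode(asText));

  print('salt as bytes: $fromBytes');
  print('salt as text : $fromText');
  print('match: ${constantTimeEquals(fromBytes, fromText)}');
}
```

Storing the salt hex- or base64-encoded, or reading it as a BLOB, keeps the bytes identical on both sides.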

0 Answers