I got this code off the PHP website. I can make it work without a salt. How do I verify the salt - or have it stored in a variable to use later? I'm not sure how to proceed to the next step to verify. Lots of tutorials on how to make a hash, verify thing. Thank you.
$options = [
    'cost' => 11,
    'salt' => mcrypt_create_iv(22, MCRYPT_DEV_URANDOM),
];
echo password_hash("rasmuslerdorf", PASSWORD_BCRYPT, $options)."\n";

// See the password_hash() example to see where this came from.
$hash = '$2y$11$njp/w0oc41i0m44t9oqkbuwurqi63prjuvdc68ki6odbdnzk01kiw ';

if (password_verify('rasmuslerdorf', $hash)) {
    echo 'password valid!';
} else {
    echo 'invalid password.';
}
Note that password_hash() returns the algorithm, cost and salt as part of the returned hash. Therefore, all information that's needed to verify the hash is included in it. This allows the verify function to verify the hash without needing separate storage for the salt or algorithm information.
Source: http://php.net/manual/en/function.password-verify.php
Just use the function as you did above; it will automatically detect the salt.
If omitted, a random salt will be generated by password_hash() for each password hashed. This is the intended mode of operation.
Source: http://php.net/manual/en/function.password-hash.php
Even if you don't add a salt, password_hash will automatically add a randomly generated one, so you shouldn't have a problem verifying a password that has been salted.
Also note that:
The salt option has been deprecated as of PHP 7.0.0. It is now preferred to use the salt that is generated by default.
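To show where the salt actually lives, here is an added example (not part of the original question or answer) that hashes the question's password without a 'salt' option, splits the stored string into its fields, and verifies it. The helper split_bcrypt() is a hypothetical name used for illustration only; real code needs only password_hash(), password_verify() and password_needs_rehash().

```php
<?php
// Added example, not from the original post. Password taken from the question.
$password = 'rasmuslerdorf';

// No 'salt' option: password_hash() generates a fresh random salt on every call.
$hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 11]);

// A bcrypt hash is 60 characters:
//   "$2y$" + 2-digit cost + "$" + 22-char salt + 31-char digest.
// Splitting it by hand is for illustration; password_verify() does this internally.
function split_bcrypt(string $hash): array
{
    $re = '/^\$(2[abxy])\$(\d{2})\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})$/';
    if (!preg_match($re, $hash, $m)) {
        throw new InvalidArgumentException('not a bcrypt hash');
    }
    return ['variant' => $m[1], 'cost' => (int) $m[2], 'salt' => $m[3], 'digest' => $m[4]];
}

$parts = split_bcrypt($hash);
printf("stored string: %s\n", $hash);
printf("cost=%d salt=%s\n", $parts['cost'], $parts['salt']);

// A second hash of the same password gets its own salt, so the strings differ,
// yet each one verifies because the salt is read back out of the stored string.
$other = password_hash($password, PASSWORD_BCRYPT, ['cost' => 11]);
var_dump($hash === $other);
var_dump(password_verify($password, $hash));
var_dump(password_verify($password, $other));
var_dump(password_verify('wrong', $hash));

// password_get_info() reports the algorithm and cost embedded in the hash.
print_r(password_get_info($hash));

// At login, upgrade the stored hash when the configured cost has been raised.
if (password_verify($password, $hash)
    && password_needs_rehash($hash, PASSWORD_BCRYPT, ['cost' => 12])) {
    $hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
    // Persist $hash in place of the old value (storage layer is outside this example).
}
```

Only the single string returned by password_hash() needs to be stored per user; a column of 255 characters leaves room for future algorithms.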