Laravel 5: using bcrypt on one line gives different values

I am using the Laravel bcrypt function to hash passwords. When I do this

 bcrypt('secret') 

I get

 => "$2y$10$mnPgYt2xm9pxb/c2I.SH.uuhgrOj4WajDQTJYssUbTjmPOcgQybcu" 

But if I run it again, I get

 => "$2y$10$J8h.Xmf6muivJ4bDweUlcu/BaNzI2wlBiAcop30PbPoKa0kDaf9xi" 

etc.

So, will the password matching process fail if I get different values each time?

+6
1 answer

This is how bcrypt should work. See Wikipedia.

Bcrypt generates a random 128-bit salt during hashing. This salt becomes part of the hash, so we always get a different hash value for the same input string. Random salt is actually used to prevent brute force attacks.

The password matching process will not end due to different hash values. Try the following in tinker:

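 $hash1 = bcrypt('secret');      // new random salt on every call
 $hash2 = bcrypt('secret');      // so $hash2 differs from $hash1
 Hash::check('secret', $hash1);  // checks the plain text against the stored hash
 Hash::check('secret', $hash2);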

You should get true from Hash::check in both cases.

Thus, even if the hash values are different, the password match will not be completed.

+14
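
Why a check against either hash succeeds, as an added example in plain PHP (not part of the original answer and not Laravel's own code): it uses PHP's `password_hash()`, `crypt()` and `password_verify()`, on which Laravel's bcrypt hasher is built. The helper names `bcrypt_fields` and `verify_by_rehash` are hypothetical, and the hashes are generated fresh on each run.

```php
<?php
// Added example: plain PHP, no Laravel required.

// Split a bcrypt string into its fields:
//   $<version>$<cost>$<22-char salt><31-char digest>
function bcrypt_fields(string $hash): array
{
    $re = '/^\$(2[abxy])\$(\d{2})\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})$/';
    if (!preg_match($re, $hash, $m)) {
        throw new InvalidArgumentException('not a bcrypt hash');
    }
    return ['version' => $m[1], 'cost' => (int) $m[2], 'salt' => $m[3], 'digest' => $m[4]];
}

// Verify by hand: crypt() reads version, cost and salt out of the stored hash,
// re-hashes the candidate with exactly those parameters, and the result is
// compared to the stored string in constant time.
function verify_by_rehash(string $candidate, string $stored): bool
{
    return hash_equals($stored, crypt($candidate, $stored));
}

// Two hashes of the same password, each with its own random salt.
$a = password_hash('secret', PASSWORD_BCRYPT, ['cost' => 10]);
$b = password_hash('secret', PASSWORD_BCRYPT, ['cost' => 10]);

foreach ([$a, $b] as $hash) {
    $f = bcrypt_fields($hash);
    printf("cost=%d salt=%s digest=%s\n", $f['cost'], $f['salt'], $f['digest']);

    var_dump(verify_by_rehash('secret', $hash)); // same password, stored salt
    var_dump(password_verify('secret', $hash));  // built-in equivalent
    var_dump(verify_by_rehash('Secret', $hash)); // different password
}

// Compare the two stored strings directly.
var_dump($a === $b);
```

Because the salt travels inside the stored string, the database needs only the one hash column, and comparing two stored hashes with `===` says nothing about whether the passwords match.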