Password_hash returns a value each time

I am creating a login system and I want to hash passwords to make them more secure, but each time it returns a different hash and it cannot even be verified with password_verify(). Here is my code:

$password = password_hash($password4, PASSWORD_DEFAULT); 

and here is my code to check:

 if(password_verify($password4, $dbpassword)) 
1 answer

So let's take it one piece at a time

but each time returns a different hash

That is the idea. password_hash is designed to generate a random salt every time. This means that you need to break each hash individually, instead of guessing the single salt used for everything and having a huge leg up.

There is no need for MD5 or any other hashing. If you want to increase the security of password_hash, give it a higher cost (the default cost is 10):

 $password = password_hash($password4, PASSWORD_DEFAULT, ['cost' => 15]); 

Regarding verification

 if(password_verify($password4, $dbpassword)) 

So $password4 should be your unhashed password, and $dbpassword should be the hash that you saved in your database.
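
An added example, not part of the original question or answer: it runs the hash, verify and cost-upgrade steps discussed above end to end. The login() helper, the sample password and the 40-character column are constructed for illustration, and the code assumes PASSWORD_DEFAULT is bcrypt.

```php
<?php
declare(strict_types=1);

// Constructed sample password; stands in for $password4 from the post.
$password4 = 'correct horse battery staple';

// Same input, two calls: each call draws its own random salt.
$first  = password_hash($password4, PASSWORD_DEFAULT);
$second = password_hash($password4, PASSWORD_DEFAULT);

// Hypothetical helper: check a login against the stored hash and re-hash
// with the wanted options when the stored hash was made with a lower cost.
function login(string $typed, string $stored, array $options): array
{
    if (!password_verify($typed, $stored)) {
        return [false, $stored];
    }
    if (password_needs_rehash($stored, PASSWORD_DEFAULT, $options)) {
        $stored = password_hash($typed, PASSWORD_DEFAULT, $options);
    }
    return [true, $stored]; // caller writes $stored back to the database
}

// Algorithm, cost and salt are encoded in the hash string itself, which is
// why password_verify() needs only the typed password and the stored hash.
$oldCost = password_get_info($first)['options']['cost']; // bcrypt assumed
$target  = ['cost' => $oldCost + 1];

[$ok, $upgraded] = login($password4, $first, $target);
[$wrong]         = login('wrong guess', $first, $target);

// Assumption: a database column shorter than the hash (here 40 characters)
// silently truncates it on insert.
$truncated = substr($first, 0, 40);

$checks = [
    'two hashes of one password differ'       => $first !== $second,
    'password_verify accepts the first hash'  => password_verify($password4, $first),
    'password_verify accepts the second hash' => password_verify($password4, $second),
    'wrong password is rejected'              => $wrong === false,
    'login succeeds and cost is raised'       => $ok
        && password_get_info($upgraded)['options']['cost'] === $oldCost + 1,
    'upgraded hash still verifies'            => password_verify($password4, $upgraded),
    'truncated stored hash never verifies'    => !password_verify($password4, $truncated),
];
foreach ($checks as $label => $passed) {
    printf("%-42s %s\n", $label, $passed ? 'ok' : 'FAILED');
}
```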
