I am trying to generate a random salt to be used in hashing a password. I am a bit new to password hashing, but from what I understand, when using the BCrypt algorithm, you will get as a result a 60-character-long hashed string.
22 of these 60 characters should be the salt value, which is prepended to the resulting hash.
I used a simple code to make sure that the randomly generated salt is the same one that is going to be prepended to the actual hash:
$salt = substr(strtr(base64_encode(openssl_random_pseudo_bytes(22)), '+', '.'), 0, 22);
echo "Salt Value is: ".$salt . "\n";
The output was: Salt Value is: XKFB8DHMiXaYTzRAHtRhX7
Then I encrypted a password using the same generated salt as follows:
$cost = 8;
$EncryptedPassword = password_hash($Password, PASSWORD_BCRYPT, ['cost' => $cost,'salt' => $salt]);
echo "Encrypted Password: " . $EncryptedPassword . "\n";
The output was not what I expected:
Encrypted format: $2y$10$XKFB8DHMiXaYTzRAHtRhXutlLLG8XIZjj5XGeyoUZobEtnkOn/M/S
Here the resulting salt is not exactly the one I used for hashing, i.e. the last character of the salt value is always different.
The randomly generated salt is: XKFB8DHMiXaYTzRAHtRhX7
The resulting salt value is: XKFB8DHMiXaYTzRAHtRhXu
My question is what could be the problem, and how could I get the same randomly generated salt value embedded in the password hashed string without getting it changed?
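The following is an added example, not code from the post above, showing the mechanism behind the changed 22nd character. bcrypt stores its salt as 22 characters of its own base64 alphabet (`./A-Za-z0-9`, in crypt(3) order, not the RFC 4648 order that `base64_encode` uses). 22 characters carry 132 bits, but the salt is only 128 bits, so the low 4 bits of the last character are padding: bcrypt decodes the supplied salt to 16 bytes and re-encodes it, which keeps only the top 2 bits of the last character (it can only ever be `.`, `O`, `e` or `u`). A salt built from 16 random bytes is already in that canonical form, which is also what `password_hash` does on its own when no `salt` option is given. The function names are mine; the sample salt and hash string are the ones from the post.

```python
import re
import secrets

# bcrypt's base64 alphabet (crypt(3) order), not the RFC 4648 alphabet of base64_encode
BCRYPT_ALPHABET = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
SALT_BYTES = 16   # a bcrypt salt is 128 bits
SALT_CHARS = 22   # 22 * 6 = 132 bits in the hash string, 4 of them padding


def bcrypt_b64_encode(raw: bytes) -> str:
    """Encode bytes the way bcrypt writes its salt: 6 bits per character, no '=' padding."""
    nbits = len(raw) * 8
    nchars = (nbits + 5) // 6                      # ceil(nbits / 6)
    value = int.from_bytes(raw, "big") << (nchars * 6 - nbits)   # left-align, pad with zero bits
    return "".join(BCRYPT_ALPHABET[(value >> (6 * (nchars - 1 - i))) & 0x3F]
                   for i in range(nchars))


def bcrypt_b64_decode(text: str, nbytes: int = SALT_BYTES) -> bytes:
    """Decode a bcrypt-base64 string to nbytes; surplus low bits of the last character are dropped."""
    value = 0
    for ch in text:
        value = (value << 6) | BCRYPT_ALPHABET.index(ch)   # ValueError for a char outside the alphabet
    value >>= len(text) * 6 - nbytes * 8           # 132 bits -> 128 bits for a 22-char salt
    return value.to_bytes(nbytes, "big")


def canonicalize_bcrypt_salt(salt: str) -> str:
    """What bcrypt actually stores for a 22-character salt: decode to 16 bytes, re-encode."""
    if len(salt) != SALT_CHARS:
        raise ValueError("bcrypt salt must be exactly 22 characters")
    return bcrypt_b64_encode(bcrypt_b64_decode(salt))


def fresh_bcrypt_salt() -> str:
    """A salt derived from 16 random bytes is already canonical, so bcrypt keeps it unchanged."""
    return bcrypt_b64_encode(secrets.token_bytes(SALT_BYTES))


# $2a$/$2b$/$2x$/$2y$, two-digit cost, 22-char salt, 31-char digest: 60 characters in total
_HASH_RE = re.compile(r"^\$2([abxy])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$")


def split_bcrypt_hash(hashed: str) -> dict:
    """Split a bcrypt hash string into variant, cost, salt and digest."""
    m = _HASH_RE.match(hashed)
    if m is None:
        raise ValueError("not a bcrypt hash string")
    return {"variant": m.group(1), "cost": int(m.group(2)),
            "salt": m.group(3), "digest": m.group(4)}


if __name__ == "__main__":
    # Values taken from the post above
    posted_salt = "XKFB8DHMiXaYTzRAHtRhX7"
    posted_hash = "$2y$10$XKFB8DHMiXaYTzRAHtRhXutlLLG8XIZjj5XGeyoUZobEtnkOn/M/S"
    print("posted salt      :", posted_salt)
    print("canonical salt   :", canonicalize_bcrypt_salt(posted_salt))   # ...X7 becomes ...Xu
    print("salt in the hash :", split_bcrypt_hash(posted_hash)["salt"])
    print("fresh salt       :", fresh_bcrypt_salt())
```

Running it reproduces the observation from the post: `7` is value 61 in the bcrypt alphabet (binary 111101); keeping only its top two bits gives 110000, which is 48, the letter `u`. The practical takeaway for the defender is that there is nothing to fix in the salt; in PHP the `salt` option of `password_hash` is deprecated precisely so that the function generates a properly sized random salt itself, and `password_verify` reads the salt back out of the stored string.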