Thursday, 29 June 2017

Generating a Random Salt and Using It in Bcrypt

I'm trying to use the following code to make sure the same salt is being used in hashing:

    <?php
    // 16 random bytes (128 bits) read from /dev/urandom
    $binarySalt = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);
    // Base64-encode, swap '+' for '.', and keep the first 22 characters
    $salt = substr(strtr(base64_encode($binarySalt), '+', '.'), 0, 22);
    $Password = "test";
    echo nl2br("Salt Value is: " . $salt . "\n");
    $cost = 8;
    // Hash with an explicitly supplied salt
    $EncryptedEnteredPassword = password_hash($Password, PASSWORD_BCRYPT, ['cost' => $cost, 'salt' => $salt]);
    echo nl2br("Encrypted Form: " . $EncryptedEnteredPassword . "\n");
    ?>

The output I got is as follows:

> Salt Value is: aCEjf/TWi50TE..sOlDm8Q  
Encrypted Form: $2y$08$aCEjf/TWi50TE..sOlDm8O10DI8gD9PD3TlwmgdSBzaCQnQezAAFe

The weird thing is that the salt's last character always doesn't match, i.e. the first output's line was: Instead of getting Q after 8, I got O, which left me with a completely different salt value.

Any ideas of how I could fix this?
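
The following is an added example, not part of the original post. It shows why the 22nd character changes: a bcrypt salt is 128 bits, while 22 six-bit characters carry 132, so the low four bits of the last character are dropped and it is re-encoded as `.`, `O`, `e` or `u`. The function name `bcrypt_canonical_salt` is hypothetical; the salt and hash are copied from the output above.

```php
<?php
// Added example (not the poster's code).

/**
 * Return a 22-character salt as bcrypt echoes it back in the hash string.
 * Only the top 2 bits of the last character belong to the 128-bit salt.
 */
function bcrypt_canonical_salt(string $salt22): string
{
    // bcrypt's own base64 alphabet (ordering differs from standard base64)
    $alphabet = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
    if (strlen($salt22) !== 22 || strspn($salt22, $alphabet) !== 22) {
        throw new InvalidArgumentException('expected 22 characters of the bcrypt alphabet');
    }
    $index = strpos($alphabet, $salt22[21]); // 6-bit value of the last character
    $kept  = $index & 0b110000;              // discard the 4 unused low bits
    return substr($salt22, 0, 21) . $alphabet[$kept];
}

// Values copied from the output in the post.
$salt = 'aCEjf/TWi50TE..sOlDm8Q';
$hash = '$2y$08$aCEjf/TWi50TE..sOlDm8O10DI8gD9PD3TlwmgdSBzaCQnQezAAFe';

$canonical  = bcrypt_canonical_salt($salt);
$saltInHash = substr($hash, 7, 22); // salt field follows the 7-character "$2y$08$" prefix

echo "Supplied salt:  $salt\n";
echo "Canonical salt: $canonical\n";
echo "Salt in hash:   $saltInHash\n";
var_dump($canonical === $saltInHash);

// The 'salt' option is deprecated as of PHP 7.0. Let password_hash() generate
// the salt; password_verify() reads salt and cost back out of the stored hash,
// so the salt never has to be kept or compared separately.
$stored = password_hash('test', PASSWORD_BCRYPT, ['cost' => 8]);
var_dump(password_verify('test', $stored));
var_dump(password_verify('wrong', $stored));
```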



