Different password_verify and password_hash?

by
1 vote
I use password_hash to store passwords. On my local machine everything was fine; I moved to the host, and now a different hash is displayed for one password. Why?

2 Answers

by
0 votes
The hash that password_hash generates contains all the information that password_verify needs to compare the password with this hash. If the salt is not set manually, repeated runs of password_hash always give different hashes for the same password, because the salt is randomly generated in this case.

3 Comments

LYTK4, try running password_verify immediately after password_hash to check.
LYTK4, does it give you any errors? Are the logs clear? Is the field in the database long enough for the hash?
So why is everything fine on my local server, but not here? Checking the password:
if (password_verify($psw, $rowps['pass'])) {
    echo "Пароль верный";
} else {
    echo "неверный";
}
Writing it to the database:
$crpsw = password_hash($psw, PASSWORD_DEFAULT);
// the SQL query goes here
by
1 vote
You won't believe it - that's the whole point of password_hash - to always generate a different hash for the same password.

So that when an evil hacker has downloaded your database, he could not just compare it with an existing database of matching hashes and passwords.
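
The behaviour described in both answers, and the field-length check asked about in the comments, as an added example that is not part of the original posts. The password, the 50-character column width and the check_login() helper are constructed for illustration.

```php
<?php
// Added example, not code from the thread. The sample password and the
// 50-character column width are constructed values.
$password = 'correct horse battery staple';

// Same password, two calls: each call draws a fresh random salt,
// so the two hash strings are not equal.
$hashA = password_hash($password, PASSWORD_DEFAULT);
$hashB = password_hash($password, PASSWORD_DEFAULT);
var_dump($hashA === $hashB);

// Algorithm, cost and salt are encoded inside the hash string, so
// password_verify() needs only the password and the stored string.
var_dump(password_verify($password, $hashA));
var_dump(password_verify($password, $hashB));
var_dump(password_verify('wrong password', $hashA));

// The parameters password_verify() reads back from the stored hash.
print_r(password_get_info($hashA));

// Simulate a database column that is too short for the hash
// (hypothetical VARCHAR(50)): the stored value is silently truncated
// and no longer verifies, even with the right password.
$stored = substr($hashA, 0, 50);
var_dump(strlen($hashA), strlen($stored));
var_dump(password_verify($password, $stored));

// Hypothetical login helper: compare with password_verify(), never by
// re-hashing and comparing strings. Returns [ok, replacementHashOrNull].
function check_login(string $password, string $storedHash): array
{
    if (!password_verify($password, $storedHash)) {
        return [false, null];
    }
    // If the host's default algorithm or cost is newer than the one
    // used for the stored hash, produce a fresh hash to save.
    $newHash = password_needs_rehash($storedHash, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : null;
    return [true, $newHash];
}

var_dump(check_login($password, $hashA));
```

The PHP manual recommends a column of 255 characters for password_hash output, since PASSWORD_DEFAULT may produce longer hashes in future PHP versions.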