Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Bcrypt vs Hash in laravel

I want to create a function or something like a Cron that executes a link (in Laravel), with something like a password. I've got two solutions. But which one is better to use:

Option 1 (hash):

<?php

// Page 1

$salt = "my-random-hash";
$key = hash('sha256', date('Y-m-d').$salt);

// <-- Insert go to page and send GET with $key code here

// Page 2

$salt = "my-random-hash";
$key = hash('sha256', date('Y-m-d').$salt);

if ($key == $pageOneKey) {
    // Execute some code
}

Option 2 (bcrypt):

<?php

// Page 1

$key = Crypt::encrypt(date('Y-m-d'));

// <-- Insert go to page and send GET with $key code here

// Page 2

$key = date('Y-m-d');
$pageOneKey = Crypt::decrypt($key);

if ($key == $pageOneKey) {
    // Execute some code
}

This code has been described broadly. With better to use i mean safer / more secure, or something in that trance. Thanks!

like image 929
Dees Oomens Avatar asked Mar 06 '15 13:03

Dees Oomens


2 Answers

If you never need to decrypt the key for further use, the first option is better.

If you need to get the key back after it's been encrypted, the second option will be better.

like image 38
user1669496 Avatar answered Oct 09 '22 17:10

user1669496


Your second option isn't bcrypt. Laravel's Crypt class uses AES encryption.
As stated in the documentation:

Laravel provides facilities for strong AES encryption via the Mcrypt PHP extension.

As far as I can tell you don't need to be able to decrypt the data, to reverse the encryption. Therefore you should definitely use a hashing algorithm like sha256 in your first option. However Laravel ships with a pretty good hashing class already so why not use that.

Option 3 (Laravel Hash, Bcrypt)

$hash = Hash::make('secret');

$input = 'secret';
if(Hash::check($input, $hash)){
    // the input matches the secret
}

Note that you have to use Hash::check() for comparing. You can't just create another hash with Hash::make() and compare them. The generated hash contains a random component, so even if it's the same secret, Hash::make() will produce a different hash every time.

Hashing - Laravel docs

like image 159
lukasgeiter Avatar answered Oct 09 '22 18:10

lukasgeiter