 

PHP - Bcrypt hash comparison always fails

<?php

require 'password.php';
$hash1 = password_hash('testpassword',PASSWORD_BCRYPT,array('cost' => 11));
$hash2 = password_hash('testpassword',PASSWORD_BCRYPT,array('cost' => 11));

if(password_verify($hash1,$hash2)) echo 'Pass';
else echo 'Fail';

?>

I'm trying to use bcrypt provided by the password_compat library with PHP 5.4.16, but this script always outputs "Fail" even though it's comparing two hashes of the same password. Why?

Edit - Just for clarification, I realize the hashes aren't identical, otherwise I'd just compare them instead of using a function.

Cains asked Sep 03 '25 10:09


1 Answer

You need to pass the password and the hash to password_verify():

password_verify('testpassword', $hash1)

Note: testpassword is the password without hashing.

References:

  • http://php.net/manual/en/function.password-verify.php

PS: password_hash() generates different results, as expected, since the hash contains a random salt.

zerkms answered Sep 05 '25 00:09
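
The call order from the answer, worked through as an added example that is not part of the original question or answer. It assumes PHP 5.6 or later, where the password_* functions and hash_equals() are built in; the variable names are illustrative.

```php
<?php
// Added example. Assumes PHP 5.6+ (built-in password_* and hash_equals()).
// On PHP 5.4 with password_compat, keep the question's require 'password.php'.

$password = 'testpassword';            // plain-text input, as in the question
$options  = array('cost' => 11);

// Each call embeds its own random salt, so the two strings differ
// even though the password and cost are identical.
$hash1 = password_hash($password, PASSWORD_BCRYPT, $options);
$hash2 = password_hash($password, PASSWORD_BCRYPT, $options);
var_dump($hash1 === $hash2);

// The question's call: a hash is passed where the plain-text password
// belongs, so bcrypt is run over the text of $hash1 and cannot match.
var_dump(password_verify($hash1, $hash2));

// The answer's call: plain-text password first, stored hash second.
// Both stored hashes verify against the same password.
var_dump(password_verify($password, $hash1));
var_dump(password_verify($password, $hash2));
var_dump(password_verify('wrongpassword', $hash1));

// Why one argument must be the stored hash: the 60-character string
// carries the algorithm, cost and salt ("$2y$11$" + 22 salt characters
// + 31 hash characters). crypt() reads those from its second argument
// and re-derives the hash for the candidate password, and the result
// is compared in constant time.
$recomputed = crypt($password, $hash1);
var_dump(hash_equals($hash1, $recomputed));

// The embedded parameters are also readable, which is what lets a login
// routine detect hashes made with an older, lower cost.
$info = password_get_info($hash1);
var_dump($info['options']['cost']);
var_dump(password_needs_rehash($hash1, PASSWORD_BCRYPT, array('cost' => 12)));
```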