问题
Laravel uses bcrypt to hash passwords.
According to this article, at some point in the process, the Hash::make function creates and uses a 22-length random string as a salt to generate the password.
For a single distinct password, Hash::make does return unique hashes, hinting that it does use some kind of salting somewhere in the process.
But these salts are not stored in the users table, where I would expect them. How does laravel know the appropriate hash to use to verify the password?
Laravel Hash Explained
回答1:
The article that you linked seems to contain the answer. https://mnshankar.wordpress.com/2014/03/29/laravel-hash-make-explained/
The cleverness of this is that the algorithm, salt and cost are embedded into the hash and so can be easily parsed out into individual components for reconstruction/verification (Please see relevant sections of the php crypt source code at https://github.com/php/php-src/blob/master/ext/standard/crypt.c#L258). Because of this, you don’t need to store the salt/cost separately in a database table.
来源:https://stackoverflow.com/questions/32030933/where-are-laravel-password-salts-stored