Blowfish in CakePHP is generating different passwords everytime

Question

I\'m having trouble implementing Blowfish Hashing in CakePHP. I\'ve done it many times before but something really strange is happening this time.

When I do this in

Answer 1

This is expected behaviour. Blowfish hashes contain the randomly generated salt, the resulting hash, the number of rounds used to arrive at that resulting hash, and the method used for hashing. Let's break down your first example: Method: $2a Rounds: $10 Hash+Salt: $Ow67P5proa7LqBwlXCLFQOc/2WyfvSVNtBLNA5PMb2wxWuoK0mrvq

When authenticating, the hash string is split by the $ delimiter, and grabs the salt out of the final token. It's usually a fixed length from the end depending on the algorithm used(in this case it's probably /2WyfvSVNtBLNA5PMb2wxWuoK0mrvq). The steps to authenticate are then:

1. Get plaintext
2. For 2^$Rounds:
3. Hash plaintext or result of previous round.
4. Append the $Salt to the result

The hash is then $Method$Rounds$Result$Salt. Check the result against what is recorded in the database - if the output matches, the supplied plaintext is correct.