password-hash

Why does calling encodePassword() with identical salts and passwords produces diffent hashes in Symfony 4?

人盡茶涼 提交于 2019-12-10 22:46:34
问题 In UserPassword encoder, public function encodePassword(UserInterface $user, string $plainPassword) { $encoder = $this->encoderFactory->getEncoder($user); return $encoder->encodePassword($plainPassword, $user->getSalt()); } encoder gets the salt from user entity. I set a static variable to the getSalt() in User entity: public function getSalt() { return 'my-static-salt'; } But when I encode: $password = $encoder->encodePassword($user, "my-password"); $password2 = $encoder->encodePassword(

password_hash returns NULL

谁说胖子不能爱 提交于 2019-12-10 09:37:42
问题 How come the documentation states that password_hash can return either a string or value false, but the following line of code returns NULL? $password = password_hash($password1, PASSWORD_BDCRYPT, array( 'cost' => 10 )); 回答1: Despite the fact that it is not documented, the function does return NULL when one provides an incorrect value for algorithm. Currently supported constants are: PASSWORD_BCRYPT PASSWORD_DEFAULT And a typo in this case ( PASSWORD_BDCRYPT rather than PASSWORD_BCRYPT )

Argon2 Algorithm in PHP7: understanding the time_cost parameter

可紊 提交于 2019-12-09 08:10:48
问题 I'm trying to implement the Argon2 algorithm in an authentification library. I want to be able to provide some useful tips for the users to set the parameters. While I understand how memory_cost and threads parameters affect the algorithm, I can't seem to wrap my head around the time_cost parameter. What the PHP doc says: time_cost (integer) - Maximum amount of time it may take to compute the Argon2 hash. Defaults to PASSWORD_ARGON2_DEFAULT_TIME_COST. Interrogation 1 - The default value is 2.

I got an asignment to decrypt Password hash?

早过忘川 提交于 2019-12-08 15:18:44
问题 I am new to Security and was trying to learn how can I crack my own user's databases. I have user's salt, password hashes and username. The SHA-256 password hash is computed from the concatenation of 3 strings i.e. one constant string potPlantSalt, the password, and the salt. SHA-256 output has been converted into the hexadecimal format and truncated to 32 characters before storing into the database as a string. truncate ( hexstring ( SHA256 ( " potPlantSalt " + password + salt ) ) ) I have

Password_verify in PHP

早过忘川 提交于 2019-12-08 13:32:07
问题 So I'm enabling users to create accounts with a username and password. I have managed to encrypt the password when a user creates a new account using: $hash = password_hash($password, PASSWORD_BCRYPT); However I'm having trouble with password_verify when logging in, could someone please help me with what I have? I know it's something like this: password_verify($password, $hash) But I don't know how to structure it or where to add it in the code. Thanks in advance. This is what I have: <?php

Prestashop 1.7 Customer Password Encryption?

旧城冷巷雨未停 提交于 2019-12-08 07:56:03
问题 I made some third party system based with php for Prestashop 1.6. It works with connecting directly the Prestashop Database. And know Im upgraded my Presta to 1.7.5.1 and IT WORKS. Only It dont log in customers anymore because as I can see Password encryption is changed. I was using md5(COOKIE_KEY.'password') for 1.6, but I see the passwords on 1.7 nothing like md5. Could you tell me how encryption is. (it become much better if you tell me with php code) Prestashop 1.7.5.1 $2y$10

Validating passwords with random salts

喜你入骨 提交于 2019-12-08 06:20:57
问题 I have been trying to learn about hashes and salts stored in a users table withing a mysql DB. I get through with storing them but can't seem to wrap my head around how to validate when the user logs in. I have looked through and seen about storing the salt and hash seperately and together. The salt that I am producing is random. Any ideas? I have posted my code. <?php $password = 'passwordwhatever'; //generate the salt function gen_salt() { $salt = uniqid(mt_rand(), true) . sha1(uniqid(mt

How large should my password salt be? [duplicate]

帅比萌擦擦* 提交于 2019-12-07 17:38:58
问题 This question already has answers here : Closed 8 years ago . Possible Duplicate: What is the optimal length for user password salt? I have a database like below: create table user (id int primary key auto increment, username varchar(64), password varchar(128), # sha512 hash of password password_salt varchar(128) # sha512 hash of a random number used as salt ) Is this a good idea for ensuring password security with a salt? How long should a salt be? I assume that it can't hurt to have a

PHP password_hash function salt length 21 or 22?

我们两清 提交于 2019-12-07 11:24:13
问题 Code: echo password_hash("stackoverflow", PASSWORD_DEFAULT, ['salt' => 'twenty-one-characters'] ); Result: Warning: password_hash(): Provided salt is too short: 21 expecting 22 code: echo password_hash("stackoverflow", PASSWORD_DEFAULT, ['salt' => 'twenty-one-charactersA'] ); Result: $2y$10$dHdlbnR5LW9uZS1jaGFyYOVyX13hK9eb4/KXMAkHsAJX..YR7t/32 code: echo password_hash("stackoverflow", PASSWORD_DEFAULT, ['salt' => 'twenty-one-charactersB'] ); $2y$10$dHdlbnR5LW9uZS1jaGFyYOVyX13hK9eb4/KXMAkHsAJX

Validating passwords with random salts

徘徊边缘 提交于 2019-12-06 21:01:34
I have been trying to learn about hashes and salts stored in a users table withing a mysql DB. I get through with storing them but can't seem to wrap my head around how to validate when the user logs in. I have looked through and seen about storing the salt and hash seperately and together. The salt that I am producing is random. Any ideas? I have posted my code. <?php $password = 'passwordwhatever'; //generate the salt function gen_salt() { $salt = uniqid(mt_rand(), true) . sha1(uniqid(mt_rand(), true)); $salt = crypt('sha512', $salt); return $salt; } //generate the hash function gen_hash(
订阅 password-hash