Databases
StackOverflow2013
Postsdbo
POWhy is crypt() generating different results?
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POWhy is crypt() generating different results?
    text
    copied!<p>Crypt is generating different hashes with the same input data, and the [following] previously functional hash generator/check is no longer working for authenticating users:</p> <pre><code>public static function blowfish($password, $storedpass = false) { //if encrypted data is passed, check it against input ($info) if ($storedpass) { if (substr($storedpass, 0, 60) == crypt($password, "$2y$08$".substr($storedpass, 60))) { return true; } else { return false; } } else { //make a salt and hash it with input, and add salt to end $salt = ""; for ($i = 0; $i &lt; 22; $i++) { $salt .= substr("./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", mt_rand(0, 63), 1); } //return 82 char string (60 char hash &amp; 22 char salt) return crypt($password, "$2y$08$".$salt).$salt; } } </code></pre> <p>I'm banging my head against the wall and have found no answers in differences between Zend's internal algorithms vs PHP vs operating system algorithms; or variations between PHP 5.3.8 vs earlier...</p> <p>EDIT: My question is technically answered, and it is my fault I didn't ask properly. I've implemented:</p> <pre><code>$salt = substr(bin2hex(openssl_random_pseudo_bytes(22)), 0, 22); //for ($i = 0; $i &lt; 22; $i++) { //$salt .= substr("./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", mt_rand(0, 63), 1); //} </code></pre> <p>My real question is; why are the following functions returning differently?</p> <pre><code>print(substr($storedpass, 0, 60)."&lt;br /&gt;"); </code></pre> <p>returns: $2y$08$43f053b1538df81054d4cOJyrO5/j7NtZBCw6LrFof29cLBs7giK6</p> <pre><code>print(crypt($password, "$2a$08$".substr($storedpass, 60))); </code></pre> <p>returns: $2a$08$43f053b1538df81054d4cOPSGh/LMc0PZx6RC6PlXOSc61BKq/F6.</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload