  1. Why is crypt() returning different hashes with the same salt?
<pre><code>public static function blowfish($password, $storedpass = false) {
    //if encrypted data is passed, check it against input ($info)
    if ($storedpass) {
        if (substr($storedpass, 0, 60) == crypt($password, "$2a$08$".substr($storedpass, 60))) {
            return true;
        } else {
            return false;
        }
    } else {
        //make a salt and hash it with input, and add salt to end
        $salt = "143cd669b02e155c3cca6e";//substr(bin2hex(openssl_random_pseudo_bytes(22)), 0, 22);
        //for ($i = 0; $i &lt; 22; $i++) {
            //$salt .= substr("./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", mt_rand(0, 63), 1);
        //}
        //return 82 char string (60 char hash &amp; 22 char salt)
        return crypt($password, "$2a$08$".$salt).$salt;
    }
}

print(substr($storedpass, 0, 60)."&lt;br /&gt;");
print(crypt($password, "$2a$08$".substr($storedpass, 60))."&lt;br /&gt;");
print(substr($storedpass, 60));
</code></pre>
<p>Produces the result:</p>
<pre><code>$2a$08$143cd669b02e155c3cca6eM3k8s9BdE4jErJXJ8wSxshJDPcJQVPW
$2a$08$143cd669b02e155c3cca6eEiYm6ilW1ZC1PBS07LOh2XSq1NODSKK
143cd669b02e155c3cca6e
</code></pre>
<p>You can see I was previously generating a random salt of 22 characters, and I know all about PHPASS, that mt_rand() is not a CSPRNG, etc etc. What confuses/concerns me is simply why crypt() (given $password = 'admin') generates a different hash even using a static salt. You can see I've printed the substr($storedpass, 60) which generates the proper salt, but then running the crypt() function (with the same parameters to create the initial $storedpass) it generates a different result, breaking authentication for a (relatively small and not mission-critical) application of mine...</p>
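Added example, not part of the original question or the asker's code: on a single PHP build, crypt() returns the same string for the same password bytes and the same prefix, cost and salt, so a useful check when two hashes disagree is to compare the inputs byte for byte and to verify by passing the stored hash itself as the setting. The function names `bf_verify`, `bf_verify_legacy` and `describe_input` are hypothetical, the password inputs are constructed, and PHP 7 or later is assumed.

```php
<?php
// Added example, not the asker's code; function names are hypothetical.

// Verify against a stored 60-character bcrypt string. Passing the stored
// hash as the setting makes crypt() reuse its own prefix, cost and salt.
function bf_verify(string $password, string $stored): bool
{
    $candidate = crypt($password, $stored);
    // On a malformed setting crypt() returns a short failure token,
    // which must never compare equal to a stored value.
    return strlen($candidate) === 60 && hash_equals($stored, $candidate);
}

// The question's 82-character layout (60-char hash followed by the salt):
// only the first 60 characters are needed to verify.
function bf_verify_legacy(string $password, string $stored82): bool
{
    return bf_verify($password, substr($stored82, 0, 60));
}

// Byte-level view of an input, to expose whitespace or encoding differences.
function describe_input(string $label, string $value): string
{
    return sprintf('%s: %d bytes, hex %s', $label, strlen($value), bin2hex($value));
}

// Setting string built from the question's prefix, cost and static salt.
$setting = '$2a$08$143cd669b02e155c3cca6e';
$salt    = substr($setting, 7);

$first    = crypt('admin', $setting);
$second   = crypt('admin', $setting);
$stored82 = $first . $salt; // same layout the question stores

// Constructed inputs: the second carries a trailing newline.
$inputs = ['admin', "admin\n"];

echo 'identical inputs give identical hashes: ';
var_dump(hash_equals($first, $second));
foreach ($inputs as $candidate) {
    echo describe_input('password', $candidate), PHP_EOL;
    echo 'verifies: ';
    var_dump(bf_verify_legacy($candidate, $stored82));
}
```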