StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PONot able to verify hashed password
primarykey
Id
17516927
data
AcceptedAnswerId
0
AnswerCount
3
ClosedDate
CommentCount
3
CommunityOwnedDate
CreationDate
2013-07-07T22:14:14.697
FavoriteCount
1
LastActivityDate
2013-07-07T22:45:53.467
LastEditDate
2013-07-07T22:45:53.467
LastEditorUserId
1024973
OwnerUserId
1024973
ParentId
0
PostTypeId
1
Score
-1
ViewCount
153
LastEditorDisplayName
text
Body
I'm using SHA-512 to encrypt passwords. I think that I'm doing everything correctly (and even duplicating code that is successful elsewhere), but every time I try to enter a password, it fails to match what I have stored in my database. <pre><code>$sql = "SELECT hashed_password FROM Users WHERE user_name='$username'"; $result = mysql_query($sql); $db_password = mysql_result($result, 0); if (crypt($currentPlaintext, $db_password) != $db_password) { echo "Your current password is incorrect."; die(); } </code></pre> I have verified the following obvious potential problems and eliminated them as causes: 1) There is an encrypted password stored in my database 2) I am able to retrieve this password and store it in the variable $db_password 3) The variables $username and $currentPlaintext do have the correct values as passed over by my ajax function call. So, why isn't this working? Am I missing something obvious? Thanks! EDIT: Thanks for the comments so far. To clarify, as I understand the crypt() function, the second argument of crypt is actually the entire string that is stored in the db. This string includes not only the hashed password, but also the algorithm, salt value, and number of rounds of hashing. The crypt() function is supposed to pull the salt value out of this string and then apply it to hash the first argument. The result is then compared to the previously hashed password. That's why this is so confusing. I don't have to give it a salt value - the salt is there in the database. Am I misunderstanding what is going on in this function? I originally hashed the password with this code: <pre><code>$salt = uniqid(); $algo = '6'; $rounds = '5000'; $cryptSalt = '$' . $algo . '$rounds=' . $rounds . '$' . $salt; $hashedPassword = crypt($plaintext, $cryptSalt); </code></pre>
Tags
<php><php-password-hash>
Title
Not able to verify hashed password
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USKate
UserOwnerUserId
1. USKate
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
2. PO
 singulars
 PostTypePostTypeId
 PTAnswer
3. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 PONot able to verify hashed password
 UserUserId
 USJorge Bellido
 VoteTypeVoteTypeId
 VTFavorite
2. VO
 singulars
 PostPostId
 PONot able to verify hashed password
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTDownMod
CommentsPostId

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.