Support the ongoing development of Laravel.io →
croxio5
posted 10 years ago
Authentication
Last updated 1 year ago.
0
jasonlewis
replied 10 years ago

Hash::make will generate a new hash each time even though the value being hashed is the same. That's just how it works. Some things worth checking:

  1. You don't have a mutator on the table that automatically hashes passwords, this would result in the hash being hashed again.
  2. Your password column on the table has a 60 character limit. Anything less and you'll chop the hash.
Last updated 1 year ago.
0
metude
replied 10 years ago

Maybe Hash::check() help you.

Last updated 1 year ago.
0
croxio5
replied 10 years ago
Solution

Just tested it without explicitly doing Hash::make() and it seems to be working. I'm using Magniloquent and have only skimmed the documentation for it so it must be automatically hashing the password because the field is called password.

Last updated 1 year ago.
0
bweston92
replied 10 years ago

jasonlewis said:

Hash::make will generate a new hash each time even though the value being hashed is the same. That's just how it works. Some things worth checking:

Hash::make should not make give different responses for the same value. The same value should receive the same value else how would you ever be able to compare? Like a given input password and a stored hashed password.

Last updated 1 year ago.
0
jscrilla
replied 10 years ago

bweston92 said:

Hash::make should not make give different responses for the same value. The same value should receive the same value else how would you ever be able to compare? Like a given input password and a stored hashed password.

Hash::make() generates a random salt each time it's run, so as to make the hash more secure. As I understand it, that's why it returns a different value each time you run it.

Last updated 1 year ago.
0
andrewbnz
replied 10 years ago

bweston92 said:

jasonlewis said:

Hash::make will generate a new hash each time even though the value being hashed is the same. That's just how it works. Some things worth checking:

Hash::make should not make give different responses for the same value. The same value should receive the same value else how would you ever be able to compare? Like a given input password and a stored hashed password.

jscrilla is correct, Laravel uses Bcrypt, and a new salt is generated each time you use Hash::make. so you will get a different hash each time. Older. insecure methods such as MD5 do not return unique hashes and are generally frowned upon.

The mechanics of this aren't something I'm familiar with - but my basic understanding of it is that the salt is embedded in the hashed string, and that plus your app's encryption key (app/config.php) - allows Laravel to check for a match between plain text input and the stored hash (i.e. when authenticating a user login).

The Hash::check helper exists to help you compare a plain text string against a hashed version...

http://laravel.com/docs/security#storing-passwords

Last updated 1 year ago.
0

Sign in to participate in this thread!

Eventy

Your banner here too?

croxio5 croxio5 Joined 9 Feb 2014

Moderators

We'd like to thank these amazing companies for supporting us

Eventy
Fathom
Forge
Envoyer
Beyond Code
Skynet Technologies
Steadfast Collective
BairesDev
Remotely Works

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

Laravel.io

Forum Articles Pastebin

Socials

X Twitter GitHub

The community

Laravel Laravel Laravel News Laravel News
Laracasts Laracasts Laravel Podcast Laravel Podcast
© 2024 Laravel.io - All rights reserved.
Terms of service Privacy policy Advertise