Support the ongoing development of Laravel.io →
posted 10 years ago
Authentication
Last updated 2 years ago.
0

Hash::make will generate a new hash each time even though the value being hashed is the same. That's just how it works. Some things worth checking:

  1. You don't have a mutator on the table that automatically hashes passwords, this would result in the hash being hashed again.
  2. Your password column on the table has a 60 character limit. Anything less and you'll chop the hash.
Last updated 2 years ago.
0

Maybe Hash::check() help you.

Last updated 2 years ago.
0

Just tested it without explicitly doing Hash::make() and it seems to be working. I'm using Magniloquent and have only skimmed the documentation for it so it must be automatically hashing the password because the field is called password.

Last updated 2 years ago.
0

jasonlewis said:

Hash::make will generate a new hash each time even though the value being hashed is the same. That's just how it works. Some things worth checking:

Hash::make should not make give different responses for the same value. The same value should receive the same value else how would you ever be able to compare? Like a given input password and a stored hashed password.

Last updated 2 years ago.
0

bweston92 said:

Hash::make should not make give different responses for the same value. The same value should receive the same value else how would you ever be able to compare? Like a given input password and a stored hashed password.

Hash::make() generates a random salt each time it's run, so as to make the hash more secure. As I understand it, that's why it returns a different value each time you run it.

Last updated 2 years ago.
0

bweston92 said:

jasonlewis said:

Hash::make will generate a new hash each time even though the value being hashed is the same. That's just how it works. Some things worth checking:

Hash::make should not make give different responses for the same value. The same value should receive the same value else how would you ever be able to compare? Like a given input password and a stored hashed password.

jscrilla is correct, Laravel uses Bcrypt, and a new salt is generated each time you use Hash::make. so you will get a different hash each time. Older. insecure methods such as MD5 do not return unique hashes and are generally frowned upon.

The mechanics of this aren't something I'm familiar with - but my basic understanding of it is that the salt is embedded in the hashed string, and that plus your app's encryption key (app/config.php) - allows Laravel to check for a match between plain text input and the stored hash (i.e. when authenticating a user login).

The Hash::check helper exists to help you compare a plain text string against a hashed version...

http://laravel.com/docs/security#storing-passwords

Last updated 2 years ago.
0

Sign in to participate in this thread!

Eventy

Your banner here too?

croxio5 croxio5 Joined 9 Feb 2014

Moderators

We'd like to thank these amazing companies for supporting us

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

© 2024 Laravel.io - All rights reserved.