0

I tried the top solution post from How do you use bcrypt for hashing passwords in PHP? but can't seem to get an example working. I copied the Bcrypt class and added the following code at the bottom of it. 

$bcrypt = new Bcrypt(15);

// pw on server. Used $pwHash = $bcrypt->hash($formPassword); to get the hash from 'qwerty'.
$serverPw = '$2a$15$Ty6hIEEWFpUFHoKujvdmw.9kmyrwYip2s8TLdjDfNoVJuQx/TGgwu'; 

// user enters plain text pw...
$passAttempt = 'qwerty';

// attempt to check the attempted password against the server hashed pasword.
$pwVerify = $bcrypt->verify($serverPw, $passAttempt); 

if ( $pwVerify == 1 ) {echo "$pwVerify = true";} else {echo "$pwVerify = not true";}
// I also tried if ($pwVerify) and if ($bcrypt->verify($serverPw, $passAttempt))
// Output is "= not true"

What is wrong here?

Improve this question
1
  • No error, just "= not true" as the result of the conditional if. Commented Jul 4, 2012 at 10:07

1 Answer 1

Reset to default
2

You must store the password AND the salt used when you BCrypt, or you'll never get the same string. This class seems pretty broken to me, don't use it. See this example and the documentation to directly use PHP's crypt function.

Edit : You probably should use PHPPass, seems like a well tested and referenced library.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I haven't looked deep enough into it to say that the class is broken, but the salt is supposedly concatenated into the hash, it's the first part after $2a$15$....
Read this also, great source of information and it recommands OpenWall implementation for PHP

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.