I have a running application that uses client-side Sha256 hashing.
I would like to use Laravels serverside bcrypt hashing instead.
My strategy is to wrap all passwords with bcrypt, so I have bcrypt(sha256('password')), and then rehash the password when the user attempts to log in, so I simply have bcrypt('password').
My problem is authenticating the user when they try to log in with a Sha256 password.
I try to authenticate them by running
if (hash('sha256', 'password' . 'salt') == $stored_pw)
But with no luck. I'm only fairly certain that the client-side hashing simply appends the salt, and I'm unsure if Laravels hash function adds its a salt of its own.
Here's a hash created by the client from the password 1234567: $5$a0FpUG9JUgkj1d6H$eSSzXebYU87wPAWSTRJGyWw/kOMgDvPqcri4CI1QCV0
I am trying to recreate the same hash using the salt, the password, and Laravels hashing functions.
How do I specify that the Sha256 function should use a specific salt?
via Chebli Mohamed
Aucun commentaire:
Enregistrer un commentaire