Maybe this will help? From php.net:

    /* You should pass the entire results of crypt() as the salt for comparing a
       password, to avoid problems when different hashing algorithms are used. (As
       it says above, standard DES-based password hashing uses a 2-character salt,
       but MD5-based hashing uses 12.) */
    if (crypt($user_input, $hashed_password) == $hashed_password) {
        echo "Password verified!";
    }
On 29 January 2013 14:17, Andreas Möller <a...@localheinz.com> wrote:
> Hello list,
>
> I want to hash and verify a password using Zend\Crypt, but I'm a bit
> irritated by a discrepancy in the docs and the actual code:
>
> Docs say:
>
>     use Zend\Crypt\Password\Bcrypt;
>
>     $bcrypt = new Bcrypt();
>     $securePass = 'the stored bcrypt value';
>     $password = 'the password to check';
>
>     if ($bcrypt->verify($password, $securePass)) {
>         echo "The password is correct! \n";
>     } else {
>         echo "The password is NOT correct.\n";
>     }
>
> * see
> https://zf2.readthedocs.org/en/latest/modules/zend.crypt.password.html?highlight=crypt
>
> Code says:
>
>     /**
>      * Verify if a password is correct against a hash value
>      *
>      * @param string $password
>      * @param string $hash
>      * @return boolean
>      */
>     public function verify($password, $hash)
>     {
>         return ($hash === crypt($password, $hash));
>     }
>
> So, shouldn't the verify() method use the salt to encrypt the password?
> The expression would only ever evaluate to true if crypt returned the
> second parameter, i.e., the salt.
>
> Best regards,
>
> Andreas
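Added example (not code from the thread or from Zend\Crypt) showing why `$hash === crypt($password, $hash)` works: crypt() reads the algorithm identifier, cost and salt from the prefix of its second argument, ignores the trailing hash bytes, and returns the full hash string, so the output can be compared against the stored value. It assumes PHP 5.5+ for password_hash()/password_verify() and 5.6+ for hash_equals(); the password and cost are constructed sample values.

```php
<?php
// Constructed sample: a bcrypt hash as Zend\Crypt would store it.
// The result looks like "$2y$10$" + 22 salt chars + 31 hash chars (60 total).
$password   = 'correct horse battery staple';
$storedHash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);

// The salt is the 22 characters following "$2y$10$"; crypt() only needs
// this prefix. Everything after it in the second argument is ignored.
$saltOnly = substr($storedHash, 0, 29);   // "$2y$10$" (7 chars) + 22-char salt

// Passing the whole stored hash as "salt" is therefore equivalent to passing
// the salt prefix alone: both yield the same full 60-character hash.
$fromFullHash = crypt($password, $storedHash);
$fromSalt     = crypt($password, $saltOnly);

// A wrong password under the same salt yields a different trailing 31 chars.
$fromWrong = crypt('wrong password', $storedHash);

// Caveat for a verify() method: === stops at the first differing byte.
// hash_equals() compares in constant time; password_verify() does the same
// internally, so either is preferable to a plain === on the hash strings.
function verifyPassword($password, $hash)
{
    return hash_equals($hash, crypt($password, $hash));
}

var_dump($fromFullHash === $storedHash);
var_dump($fromSalt === $storedHash);
var_dump($fromWrong === $storedHash);
var_dump(verifyPassword($password, $storedHash));
var_dump(password_verify($password, $storedHash));
```

Only the last 31 characters of $fromWrong differ from $storedHash; the "$2y$10$" prefix and the 22-character salt are reproduced unchanged, which is what makes the stored hash self-describing.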