So I read a quick PHP login system securing article, and was trying to sort of duplicate their hashing method, and during testing, am not getting the proper output.
Here is my code:
function decryptPassword($pw, $salt){
$hash = hash('sha256', $salt . hash('sha256', $pw));
return $hash;
}
function encryptPassword($pw){
$hash = hash('sha256', $pw);
$salt = substr(md5(uniqid(rand(), true)), 0, 3);
$hash = hash('sha265', $salt . $hash);
return array(
'salt' => $salt,
'hash' => $hash
);
}
And here is my testing code:
$pw = $_GET['pw'];
$enc = encryptPassword($pw);
$hash = $enc['hash'];
$salt = $enc['salt'];
echo 'Pass: ' . $pw . '<br />';
echo 'Hash: ' . $hash . '<br />';
echo 'Salt: ' . $salt . '<br />';
echo 'Decrypt: ' . decryptPassword($hash, $salt);
Now, the output of this should be pretty obvious, but unfortunately, the $hash variable always comes out empty! I'm trying to figure out what the problem could be, and my only guess would be the second $hash assignment line in the encryptPassword(..) function. After a little testing, I've determined that the first assignment works smoothly, but the second does not.
Any suggestions? Thanks SO!
