
How To Authenticate With Sha256 & hash() ?

Howdy,

Even though this example works without using hash() or sha256 but by using password_hash() where salt is built-in:

**SAMPLE 1**

[code]

$password = 'password';
echo $hashed_password = password_hash($password,PASSWORD_DEFAULT); //60 line hashed characters.

if(password_verify($password,$hashed_password))
{
    echo 'Logging in';
}
else
{
    echo 'Incorrect Details!';
}
[/code]

I cannot seem to get it to work with sha256 AND hash().
Both these following 2 are failing to authenticate properly. Why ?

**NOTE
Remember, the above was using password_hash() and the two below are trying to use just hash(), where salt is not built-in**

**SAMPLE 2**

[code]

$password = 'password';
$salt = '12';
$salted_hashed_password = hash('sha256',$password.'12');

$secured_password = password_hash($salted_hashed_password,PASSWORD_DEFAULT);

if(password_verify($password,$secured_password))
{
    echo 'Logging in';
}
else
{
    echo 'Incorrect Details!';
}
[/code]

How to fix it as I get echoed …?
**‘Incorrect Details!’**

**SAMPLE 3**

[code]

$password = 'password';
$salt = '12';
$salted_password = $password.'12';
$hashed_salted_password = hash('sha256',$salted_password);

$secured_password = password_hash($hashed_salted_password,PASSWORD_DEFAULT);

if(password_verify($password,$secured_password))
{
    echo 'Logging in';
}
else
{
    echo 'Incorrect Details!';
}
[/code]

How to fix it as I get echoed here too …?
**‘Incorrect Details!’**


6 Comments(s)

@novice2022 (author), Aug 09.2022 — This is working ....

[code]
//SAMPLE 4

$password = 'password';
$salt = '12';
$salted_password = $password.'12';
$hashed_salted_password = hash('sha256',$salted_password);

$secured_password = password_hash($hashed_salted_password,PASSWORD_DEFAULT);

if(password_verify($hashed_salted_password,$secured_password))
{
    echo 'Logging in';
}
else
{
    echo 'Incorrect Details!';
}
[/code]

But is this the proper way of coding or not ? Orthodox or not ?

And why did my codes 2 & 3 not work ? I have a hunch why the 3 did not work as I did not decrypt twice since I encrypted it twice (once with hash() and once with password_hash()). But, still do enlighten me on my mistake.

And, and it is a big AND, I have not a single clue why 2nd example did not work! Can someone enlighten me ?
@novice2022 (author), Aug 09.2022 — Hi,

All these 4 codes seem to be working on my experiments. I did not copy them from anywhere. My own code.

Now, can you tell me if any of them is bad coding or unorthodox by giving reason why ?

**EXAMPLE 1**
[code]
$password = 'password';
$hashed_password = password_hash($password,PASSWORD_DEFAULT); //60 line hashed characters.

if(password_verify($password,$hashed_password))
{
    echo 'Logging in';
}
else
{
    echo 'Incorrect Details!';
}
[/code]

**EXAMPLE 2**
[code]
$password = 'password';
$hashed_salted_password = hash('sha256',$password.'12');

$secured_password = password_hash($hashed_salted_password,PASSWORD_DEFAULT);

if(password_verify($hashed_salted_password,$secured_password))
{
    echo 'Logging in';
}
else
{
    echo 'Incorrect Details!';
}
[/code]

**EXAMPLE 3**
[code]
$password = 'password';
$salt = '12';
$salted_password = $password.'12';
$hashed_salted_password = hash('sha256',$salted_password);

$secured_password = password_hash($hashed_salted_password,PASSWORD_DEFAULT);

if(password_verify($hashed_salted_password,$secured_password))
{
    echo 'Logging in';
}
else
{
    echo 'Incorrect Details!';
}
[/code]


**EXAMPLE 4**
[code]
$password = 'password';
$salt = '12';
$salted_password = $password.'12';
$hashed_salted_password = hash('sha256',$salted_password);

$secured_password = password_hash($hashed_salted_password,PASSWORD_DEFAULT);

if(password_verify($hashed_salted_password,$secured_password))
{
    echo 'Logging in';
}
else
{
    echo 'Incorrect Details!';
}
[/code]
@NogDog, Aug 09.2022 —
> @novice2022#1645731 I cannot seem to get it to work with sha256 AND hash().

It's one method or the other, not both -- they are two different ways to do essentially the same thing. Either...
  • Use password_hash() and password_verify() (in which case you'll probably just use the default PASSWORD_BCRYPT algorithm -- sha256 is not an option), and let it take care of the salt automatically for you.
  • Use hash() along with an explicit salt and whichever algorithm you choose (that it supports), and apply it both to the password you're storing in the database and the input value you're checking.

But doing both hash() and password_hash() is redundant at best, and doesn't really gain you anything.
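
The mismatch behind SAMPLE 2 and SAMPLE 3, and the two separate methods described in the reply above, as an added PHP example that is not code from any poster in this thread. The function names are hypothetical, and the random per-user salt in the second method is an assumption; the thread's samples use the fixed salt '12'.

```php
<?php
// Added example; the password and salts below are constructed sample values.

// Why SAMPLE 2 and SAMPLE 3 fail: password_hash() is fed the SHA-256 hex
// digest, so only that digest verifies, never the raw password.
function double_hash_check(string $password, string $salt): array {
    $digest = hash('sha256', $password . $salt);
    $stored = password_hash($digest, PASSWORD_DEFAULT);
    return [
        'verify_raw_password' => password_verify($password, $stored), // what SAMPLE 2/3 do
        'verify_digest'       => password_verify($digest, $stored),   // what SAMPLE 4 does
    ];
}

// Method 1 from the reply: password_hash()/password_verify() only.
// The salt is generated and embedded in the returned string.
function store_with_password_hash(string $password): string {
    return password_hash($password, PASSWORD_DEFAULT);
}
function check_with_password_hash(string $input, string $stored): bool {
    return password_verify($input, $stored);
}

// Method 2 from the reply: hash() with an explicit salt, applied the same
// way when storing and when checking. Assumption: a random per-user salt
// kept next to the digest (the thread's samples use the fixed string '12').
function store_with_sha256(string $password): array {
    $salt = bin2hex(random_bytes(16));
    return ['salt' => $salt, 'digest' => hash('sha256', $password . $salt)];
}
function check_with_sha256(string $input, array $record): bool {
    $candidate = hash('sha256', $input . $record['salt']);
    return hash_equals($record['digest'], $candidate); // constant-time compare
}

var_dump(double_hash_check('password', '12'));

$stored = store_with_password_hash('password');
var_dump(check_with_password_hash('password', $stored));
var_dump(check_with_password_hash('wrong-guess', $stored));

$record = store_with_sha256('password');
var_dump(check_with_sha256('password', $record));
var_dump(check_with_sha256('wrong-guess', $record));
```

A single SHA-256 pass is fast to compute, while password_hash() applies an adjustable work factor; that cost is the protection the second method lacks.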
@novice2022 (author), Aug 09.2022 — @NogDog#1645734

Mmm.

But guess what ? You know I said I cannot get it to work with both password_hash() and hash() ? Well, this time I did! Glance up at my previous post edited.

I am guessing you are gonna say my last 3 codes are unnecessary as I used both functions hash() and password_hash(). Yes ? Can you confirm ?

Anyway, can you show me an example how you yourself make use of the sha256 by getting password verified using password_verify() ?

Guess why I used both functions ? Cos I saw this tutorial doing it:

https://phpgurukul.com/how-to-salt-hash-a-password-using-sha256/

Do have a quick look and let me know if the tutorial is bad coding or not.

Maybe, they used both to have salted twice ? (Once by default by using password_hash() and once manually by using hash() ?).

Yes ? If so, then is it a good idea to do this or not to make encryption double strong? If so, then my 2nd, 3rd & 4th codes are above GREAT ? Yes ?

Thanks a bunch!
@NogDog, Aug 09.2022 —
> @novice2022#1645735 Anyway, can you show me an example how you yourself make use of the sha256 by getting password verified using password_verify()

Nope. I wouldn't ever have reason to try. I'd either just use password_hash() along with password_verify(), which does not support sha256 and as such I would instead use one of its algorithms (or just let it use its default) along with its built-in salting mechanism; or else I would just use hash() along with specifying the sha256 algorithm (or whichever other one it supports you choose to use) along with whatever salt I want to add. I see no reason to do both.

> @novice2022#1645735 let me know if the tutorial is bad coding or not

Looks pretty yucky to me. At a quick glance, looks like they hash the hash of a hash, which to my mind is useless complexity and triple the processing time.
@novice2022 (author), Aug 09.2022 — @NogDog#1645736

Mmm. Ok. I understand.

Then it means, I will have to change my code here then ...

https://forum.webdeveloper.com/d/400361-why-array-leaks-memory-on-every-page-reload

But still, I still wanna know why the heck the array auto deletes the data without my saying so!

Btw, do you mind listing all your programming langs you learnt and what yrs in your profile or at least here. Just curious to see what you know and how many yrs experience. That's all. I know you are a grand dad and so guessing you been programming from 80's from COBOL and so. I'm middle aged and do not know any programming langs apart from php very little.

4am here. See ya tomorrA or so!

Good night!