I have this code:
$password = 'vancab123';
password_hash(base64_encode( hash('sha512',$password, true) ), PASSWORD_DEFAULT );
Database stored value:
$password = $2y$10$jUa8ZEFBX5lfsBmySUnJFeSSyKwQ1v/emazJZPh8MwJ0g0lLbmjYC;
My Problem:
I used that in a "remember me" function. If the user uses that function, his/her credentials (email and password) will be saved for 7 days using a cookie.
My problem is that, because the email and password automatically fill the email and password text boxes, the text in the password text box is too long because it was hashed.
How can I match the length of the hashed password to the original/unhashed password?
And you don't need to jump through all those hoops to use password_hash
and this is how to check that an entered password matches the previously hashed password
The point of a HASH is it cannot (within a sensible time frame) be converted back to its original value. Instead you have to compare it using password_verify() to the unhashed value the user enters when they return and attempt to login using the same password.
$password = 'vancab123';
// password_hash() requires the algorithm as its second argument
$hashed_pwd = password_hash($password, PASSWORD_DEFAULT);
// test the hashed password
if ( password_verify($password, $hashed_pwd) ) {
    // password entered is OK
} else {
    // password entered is WRONG
}
ADDITION after you clarified your question:
Read this for "remember me" functionality: What is the best way to implement "remember me" for a website?
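An added example, not part of the answers or of the linked question: one common way to build "remember me" so that neither the password nor its hash is ever placed in a cookie or a form field. The selector/validator split, the function names and the in-memory `$store` (standing in for a database table) are assumptions made for this sketch.

```php
<?php
declare(strict_types=1);

// In-memory stand-in for a remember_tokens table (assumption for this example).
$store = [];

const REMEMBER_TTL = 7 * 24 * 3600; // 7 days, as in the question

// Issue a token for a user; returns the value to place in the cookie.
function issueRememberToken(array &$store, int $userId, int $now): string
{
    $selector  = bin2hex(random_bytes(12)); // lookup key, not secret
    $validator = bin2hex(random_bytes(32)); // secret; only its hash is stored
    $store[$selector] = [
        'user_id' => $userId,
        'hash'    => hash('sha256', $validator),
        'expires' => $now + REMEMBER_TTL,
    ];
    return $selector . ':' . $validator;
}

// Check a cookie value; returns the user id or null. Tokens are single-use.
function checkRememberToken(array &$store, string $cookie, int $now): ?int
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($store[$parts[0]])) {
        return null;
    }
    [$selector, $validator] = $parts;
    $row = $store[$selector];
    unset($store[$selector]); // consume on any attempt; issue a fresh one on success
    if ($row['expires'] < $now) {
        return null;
    }
    // Constant-time comparison of the stored hash with the presented secret's hash.
    return hash_equals($row['hash'], hash('sha256', $validator)) ? $row['user_id'] : null;
}

// Demo with constructed values (user id 42).
$now    = time();
$cookie = issueRememberToken($store, 42, $now);
// In a real response the value would be sent with:
// setcookie('remember', $cookie, ['expires' => $now + REMEMBER_TTL,
//     'httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
var_dump(checkRememberToken($store, $cookie, $now));                      // valid token
var_dump(checkRememberToken($store, $cookie, $now));                      // replay of a used token
$tampered = issueRememberToken($store, 42, $now) . 'x';
var_dump(checkRememberToken($store, $tampered, $now));                    // modified validator
$old = issueRememberToken($store, 42, $now);
var_dump(checkRememberToken($store, $old, $now + REMEMBER_TTL + 1));      // expired
```

The login form's password box stays empty under this scheme; a valid token logs the user in directly, and the password itself is only ever checked with password_verify().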
A hash is a one way transformation of an arbitrary value. They are by nature irreversible. In your case you will have to hash the password provided by the user, retrieve the value from the db, and do the comparison of both hashed values.
The only alternative would be the paradigm behind a rainbow attack, in which you hash every conceivable possibility and store them as key value pairs, but that is a lot of data.
Source: https://stackoverflow.com/questions/40076870/how-to-decrypt-a-sha512-encrypted-variable