correct use of password_hash

安稳与你 submitted on 2019-12-06 16:06:47
$2y$10$.YHHLeFYcQoE6c//vl587uIFTOljmpmuDnSA0w0dxo1Rrpvi5zM9m
 |  |  |                     |
 |  |  |                     |---- Hashed Password
 |  |  |---- Salt
 |  |---- Cost
 |---- Algorithm

The hash contains all the information necessary to see if the password matches the hash for a given string. You know the algorithm it was hashed with, the salt, and what it hashed to. So all you have to do is supply a string, pass it through the same algorithm with the same salt and cost, and it will either equal the hash or not.

So to answer your question, yes it is supposed to work like that. The salt changes every time, which means the hashed password changes every time, but you can always check if a password hashes to the same hashed password, because the hash contains the salt.
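
The behaviour described in the answer above, as an added PHP example that is not part of the original post: it splits the hash into the fields from the diagram, shows that two hashes of one password differ, and re-derives a stored hash with `crypt()` using the settings embedded in it. The function name `split_bcrypt` and the sample password are assumptions made for illustration.

```php
<?php
// Added example: split_bcrypt() and the sample password are illustrative, not from the page.

// Split a bcrypt string into the four fields shown in the diagram:
// algorithm, two-digit cost, 22-character salt, 31-character hashed password.
function split_bcrypt(string $hash): array
{
    $re = '~^\$(2[abxy])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$~';
    if (!preg_match($re, $hash, $m)) {
        throw new InvalidArgumentException('not a bcrypt hash string');
    }
    return ['algorithm' => $m[1], 'cost' => (int) $m[2], 'salt' => $m[3], 'hashed' => $m[4]];
}

// The hash from the page, parsed for its structure only (its password is not known here).
print_r(split_bcrypt('$2y$10$.YHHLeFYcQoE6c//vl587uIFTOljmpmuDnSA0w0dxo1Rrpvi5zM9m'));

$password = 'correct horse battery staple'; // constructed sample value

// Each call draws a fresh random salt, so the same password gives two different strings.
$first  = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
$second = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
echo "first : $first\nsecond: $second\n";
echo 'identical strings: ', var_export($first === $second, true), "\n";
echo 'identical salts  : ',
    var_export(split_bcrypt($first)['salt'] === split_bcrypt($second)['salt'], true), "\n";

// Both stored strings still verify against the password, and a wrong guess does not.
echo 'verify first     : ', var_export(password_verify($password, $first), true), "\n";
echo 'verify second    : ', var_export(password_verify($password, $second), true), "\n";
echo 'verify wrong     : ', var_export(password_verify('wrong guess', $first), true), "\n";

// The same check done by hand: crypt() reads the algorithm, cost and salt from the
// stored string, hashes the candidate with them, and the result is compared in
// constant time against what was stored.
$recomputed = crypt($password, $first);
echo 'recomputed match : ', var_export(hash_equals($first, $recomputed), true), "\n";

// Because the cost is stored in the hash, an outdated cost can be detected at login
// and the password re-hashed with the new setting.
echo 'needs rehash @12 : ',
    var_export(password_needs_rehash($first, PASSWORD_BCRYPT, ['cost' => 12]), true), "\n";
```

In application code, store the full string returned by `password_hash()` and check logins with `password_verify()`; the manual `crypt()` comparison is shown only to make the mechanism visible.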
