x34cha Posted February 4, 2015 Share Posted February 4, 2015 I need help understanding this code, The function private function getHash($string, $version=0, $pepper='') { switch($version) { case 0: return hash('sha256', $string.$this->salt); break; case 1: return '$' . $version . '$' . $pepper . '$' . hash('sha256', $string.$this->salt.$pepper); break; } code $password_hash = $this->getHash($password1, HASH_VERSION, bin2hex(openssl_random_pseudo_bytes(32))); How is it hashing my passwords? I want to know if it is adding a salt to the end of the password and then just sha256ing that? or will the end output be a hash:salt format? Is that what you can see from the code? also what does this mean $this->salt, where is it getting salt from? Quote Link to comment https://forums.phpfreaks.com/topic/294363-sha256-encryption/ Share on other sites More sharing options...
requinix Posted February 4, 2015 Share Posted February 4, 2015 To be clear, SHA256 is not encryption. Encryption is reversible. SHA256 is a hashing algorithm. Hashes are not reversible. Yes, for version 0 it is hashing the string + a salt. The output is the hash and only the hash - not hash+salt (or the more common salt+hash which may be what you meant). For version 1 it returns the version + pepper + the hash of the string+salt+pepper, with some $s mixed in. It emulates crypt output without the benefit of how crypt() works. Which supports SHA256 itself, by the way. $this->salt means the "salt" property on the current object. It's part of object-oriented programming in PHP. The salt was set somewhere else. Quote Link to comment https://forums.phpfreaks.com/topic/294363-sha256-encryption/#findComment-1504823 Share on other sites More sharing options...
NotionCommotion Posted February 4, 2015 Share Posted February 4, 2015 Might wish to consider http://php.net/manual/en/function.password-hash.php instead. 1 Quote Link to comment https://forums.phpfreaks.com/topic/294363-sha256-encryption/#findComment-1504829 Share on other sites More sharing options...
scootstah Posted February 4, 2015 Share Posted February 4, 2015 Might wish to consider http://php.net/manual/en/function.password-hash.php instead. This. There's absolutely no reason to try to do this yourself these days. If you can't use PHP 5.5 then use ircmaxell's backwards compatibility library. 1 Quote Link to comment https://forums.phpfreaks.com/topic/294363-sha256-encryption/#findComment-1504837 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.