Jump to content

Recommended Posts

I need help understanding this code,

The function

private function getHash($string, $version=0, $pepper='') {
switch($version) {
case 0:
return hash('sha256', $string.$this->salt);
break;
case 1:
return '$' . $version . '$' . $pepper . '$' . hash('sha256', $string.$this->salt.$pepper);
break;
}

code

$password_hash = $this->getHash($password1, HASH_VERSION, bin2hex(openssl_random_pseudo_bytes(32)));

How is it hashing my passwords?

 

 I want to know if it is adding a salt to the end of the password and then just sha256ing that? or will the end output be a hash:salt format?

 

Is that what you can see from the code? also what does this mean $this->salt, where is it getting salt from?

Link to comment
https://forums.phpfreaks.com/topic/294363-sha256-encryption/
Share on other sites

To be clear, SHA256 is not encryption. Encryption is reversible. SHA256 is a hashing algorithm. Hashes are not reversible.

 

Yes, for version 0 it is hashing the string + a salt. The output is the hash and only the hash - not hash+salt (or the more common salt+hash which may be what you meant).

For version 1 it returns the version + pepper + the hash of the string+salt+pepper, with some $s mixed in. It emulates crypt output without the benefit of how crypt() works. Which supports SHA256 itself, by the way.

 

$this->salt means the "salt" property on the current object. It's part of object-oriented programming in PHP. The salt was set somewhere else.

Link to comment
https://forums.phpfreaks.com/topic/294363-sha256-encryption/#findComment-1504823
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.