Tuesday, 10 July 2018

password_verify() returns false for correct password

Hey guys, I've just recently learned about the new hashing functions of PHP5.5+, but unfortunately I'm getting mixed results after I deciding to try them out myself.
Here is the code, nothing else is on the page:
<?php
$password = "Hello";
$hash = password_hash($password, PASSWORD_DEFAULT);

echo $hash;
?>
Whenever I echo this value, and copy it from the page to the function:
<?php 

var_dump(password_verify("Hello", "Hash I copied from rendered page));

?>
It returns bool(false).
On the other hand, if I do:
<?php

$password = "Hello";
$hash = password_hash($password, PASSWORD_DEFAULT);
echo $hash;

var_dump(password_verify("Hello", $hash));

?>
It returns true.
Is there some sort of formatting or security measure being applied to the echoed $hash?? I've tried google to no success.
Using password_get_info() on the copied $hash I get the following:
array(3) { ["algo"]=> int(0) ["algoName"]=> string(7) "unknown" ["options"]=> array(0) { } }
Something is clearly being lost here.
Thank you for your time guys.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)