Jump to content
  • 0

Password hashing



7 answers to this question

Recommended Posts

  • 2

Yeah, first of all you need to write your own hash function.

public function make($value) {
    return hash("sha256", $value);

Also, the password is double hashed. You first need to hash the password and then hash the result with the salt, so something like this; (EDIT: Ah, I see you already got that far!)


public function validateCredentials(Authenticatable $user, array $credentials)
        // Check that given credentials belong to the given user        
        $username= $credentials['username'];
        $pass = $credentials['password'];     
        $hashedPass = strtoupper(str_replace(["-", "–"], '', Hash::make($pass)));
        $saltedPass = strtoupper(str_replace(["-", "–"], '', Hash::make(strtoupper($hashedPass) . $user->salt)));
        $valid_user = IntersectUser::where(['username' => $username, 'pass' => $saltedPass])->first();
        if ($valid_user) {
            return TRUE;
        return FALSE;


Once the source is released, I'm going to pick up work on the web companion again.

Link to comment
Share on other sites

  • 0

Pretty sure you posted about this in Discord, and you got very close:




But you're not using SHA256, you're using BCRYPT which you wrapped in a method called SHA256.



You already found this: 

And we've explained the basics of how it works (which you've understood, given your example above but using the wrong hashing algorithm and not generating and saving the salt)

Basically, you're really close and despite me constantly telling you that and telling you to stop using BCRYPT you want us to just do it for you? :7_sweat_smile:

Link to comment
Share on other sites

  • 0
43 minutes ago, SonicMicro234 said:

Relax....your using an open source program to make your *Ahem hobby.....

I wouldnt go as far as password hashing. Also we could easily read it in VS,VB or whatever the fuck you compiling it in.

It's not that he's adding it in, it's already a thing in Intersect. He's trying to make it work with external passwords. :P

Link to comment
Share on other sites

  • 0

Hey, sorry for my English ;)

I wrote a php code that encodes a password in php and wanted to share it.

$password = $_POST['YourPassword'];
function strToHex($string){
    $hex = '';
    for ($i=0; $i<strlen($string); $i++){
        $ord = ord($string[$i]);
        $hexCode = dechex($ord);
        $hex .= substr('0'.$hexCode, -2);
    return strToUpper($hex);
$salt = "AD07665AE12767B2B712752595D0E4C16479B01D07E66AF9F9E6081C811C4C21"; //Salt pulled from the database
$pass = strToHex(hash('sha256',$password,true)).$salt;
$hash = strToHex(hash('sha256',$pass,true));


Link to comment
Share on other sites

  • Create New...