Think Laravel Hashing Depends on APP_KEY? Think Again!

March 6, 2024

Hashing

Our main character today will be…

Hash::make('password')

Is Hash Dependent on the Environment?

Hash::make() generates a password hash that does not depend on the environment it runs in.

Why am I mentioning this? Throughout my career, I've often come across the opinion that if we create a password for a user using Hash::make() in one environment, it will be impossible to log in with the same password in another environment with a different APP_KEY in Laravel.

Nothing could be further from the truth!

Hash::make() hashes passwords the same way, regardless of the environment. This is the make() method of Laravel's bcrypt hasher:

public function make($value, array $options = [])
{
    $cost = $options['rounds'] ?? $this->cost;

    return password_hash($value, PASSWORD_BCRYPT, [
        'cost' => $cost,
    ]);
}

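As you can see, our hasher does not use APP_KEY or any other application-supplied salt. The only salt involved is the random one that password_hash() generates itself and stores inside the resulting hash string, so the hash can be verified in any environment.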
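
The point above, as an added example that is not part of the original post or of Laravel's code: the same password_hash() call returns a different string each time because the salt is random and embedded in the output, and password_verify() (which Laravel's Hash::check() relies on) needs only that string. The function names, the sample password, the cost of 12 and the APP_KEY values are constructed for illustration.

```php
<?php
// Added example, plain PHP without Laravel. APP_KEY is set only as a stand-in
// for two environments; password_hash()/password_verify() never read it.

// Same call as the make() method above; cost 12 is an assumed sample value.
function make_hash(string $value, int $cost = 12): string
{
    return password_hash($value, PASSWORD_BCRYPT, ['cost' => $cost]);
}

// Split "$2y$<cost>$<22-char salt><31-char digest>" into its fields.
function parse_bcrypt(string $hash): array
{
    $re = '/^\$(2[abxy])\$(\d{2})\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})$/';
    if (!preg_match($re, $hash, $m)) {
        throw new InvalidArgumentException('not a bcrypt hash string');
    }
    return ['variant' => $m[1], 'cost' => (int) $m[2], 'salt' => $m[3], 'digest' => $m[4]];
}

function check(bool $ok, string $what): void
{
    echo ($ok ? 'ok    ' : 'FAIL  ') . $what . PHP_EOL;
}

$password = 'correct horse battery staple'; // constructed sample password

// "Environment A": hashes are created here.
putenv('APP_KEY=base64:constructed-key-for-environment-A');
$first  = make_hash($password);
$second = make_hash($password);

// "Environment B": a different key; only the stored strings are carried over.
putenv('APP_KEY=base64:constructed-key-for-environment-B');
$a = parse_bcrypt($first);
$b = parse_bcrypt($second);

// Each call draws a fresh random salt, so equal passwords give different strings.
check($a['salt'] !== $b['salt'], 'salts differ between two hashes of one password');
check($first !== $second, 'hash strings differ');

// Verification re-reads variant, cost and salt from the stored string itself.
check(password_verify($password, $first), 'first hash verifies under the other APP_KEY');
check(password_verify($password, $second), 'second hash verifies under the other APP_KEY');
check(!password_verify('wrong password', $first), 'wrong password is rejected');
check($a['cost'] === 12, 'cost is recoverable from the hash string');
```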

 
