salts stored wrong in database.!

Question

My test function :

<?php

include_once("core/init.php");

$admin = new Admin();
$name = "akhil";
$password = "daydreamers";
$salt = Hash::salt(24);
$hash = Hash::make($password,$salt);
/*echo $hash;
echo "<br/>";*/
$admin->newAdmin($name,$hash,$salt);
$dsalt = $admin->getSalt($name);
if($salt != $dsalt){
    echo "Wrong";
}
/*echo Hash::make($password,$dsalt);
echo "<br/>";
//$admin->verify($name,$password);
echo $admin->getPassword($name);*/

?>

Hash class :

<?php

class Hash{
    public static function make($string,$salt=''){
        return hash('sha256', $string . $salt);
    }
    public static function salt($length){
        return mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
    }
}

?>

database structure

The salt i'm storing and the salt retrieved from database are not matching. I have gone through the other posts which seem to suggest increasing the column size but its not working.

Answer 1

Since you are working with passwords, I suggest to switch to the password_hash() function, and forget about the unsafe implementation above. The password_hash() function will take care about the salt, and you don't need to store it separately, just store the hash in a single varchar(255) field.

// Hash a new password for storing in the database.
// The function automatically generates a cryptographically safe salt.
$hashToStoreInDb = password_hash($password, PASSWORD_DEFAULT);

// Check if the hash of the entered login password, matches the stored hash.
// The salt and the cost factor will be extracted from $existingHashFromDb.
$isPasswordCorrect = password_verify($password, $existingHashFromDb);