> Just looking for a bit of clarification on ge...
# adobes
salted
03/21/2023, 10:01 AMJust looking for a bit of clarification on generatebcrypthash and whether it tacks on a salt itself or I should do so before hashing?Anyone Adobe seen this and have an answer or a pointer to docs for me?
a
Adam Cameron
03/21/2023, 11:11 AM
Reading the accepted response to this might help, Ross:
https://stackoverflow.com/questions/6832445/how-can-bcrypt-have-built-in-salts
Also from the PHP docs:
https://www.php.net/manual/en/function.password-hash.php
Specifically:
The salt option is deprecated. It is now preferred to simply use the salt that is generated by default. As of PHP 8.0.0, an explicitly given salt is ignored.I would say the intent here is to let the function take care of the salting.
s
salted
03/21/2023, 11:12 AMCheers, looking at the java implementation also suggested it does do that but I don't know what the cf bif does under the hood which was why I thought I'd check!
a
Adam Cameron
03/21/2023, 11:13 AM
Ah it'll likely be just a proxy for a call to the Java lib.
s
salted
03/21/2023, 11:14 AMThat's also my assumption aye
a
Adam Cameron
03/21/2023, 11:14 AM
Hopefully CF doesn't mung with it on the way through, as it would likely do it badly 😉
s
salted
03/21/2023, 11:23 AMwell, I didn’t want to say that but you’re more of a cynic than I am 😄
2 Views