Laravel使用bcrypt来哈希密码.
根据这篇文章,在这个过程的某个时刻,Hash :: make函数创建并使用一个22长的随机字符串作为salt来生成密码.
对于单个不同的密码,Hash :: make会返回唯一的哈希值,暗示它确实在进程中的某个地方使用某种salting.
但是这些盐并没有存储在用户表中,我希望它们存在于用户表中. laravel如何知道用于验证密码的相应哈希?
解决方法:
您链接的文章似乎包含答案.
https://mnshankar.wordpress.com/2014/03/29/laravel-hash-make-explained/
The cLeverness of this is that the algorithm, salt and cost are
embedded into the hash and so can be easily parsed out into
individual components for reconstruction/verification (Please see
relevant sections of the PHP crypt source code at
07001).
Because of this, you don’t need to store the salt/cost separately in a
database table.
