Home/ Questions/Q 8209545
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-07T09:45:39+00:00

I am trying to implement a password hashing/salting algorithm from crackstation.net , but I

  • 0

I am trying to implement a password hashing/salting algorithm from crackstation.net, but I am unsure how implement it.

Storing the password upon user registration seems to be as simple as passing the password into create_hash().

$password = create_hash($_POST['Password'];

I’m not following how to validate upon user login. validate_password($password, $good_hash) returns either true or false, and takes $password as parameter, so it seems like a no brainer except for the second parameter $good_hash. Where does this param come from?

It is my understanding that password is turned into a hash value every time its used, and that the hash value is what is stored and compared. So why would I have both the $password and $good_hash values?

Quick overview of the functions:

function create_hash($password){
    calls pbkdf2()
}

function validate_password($password, $good_hash){ 
    calls pbkdf2() 
    calls slow_equals() 
}

function slow_equals($a, $b){
}

function pbkdf2($algorithm, $password, $salt, $count, $key_length, $raw_output = false){
}

Of course a different, better method for this would also be just as helpful.
Thank you

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    good_hash has been stored in the DB at this point and is the known “good hash.” Retrieve it from the DB and compare it to the password the user has been submitted that has now been hashed with the same algorithm.

    • 0