Bcrypt vs Hash in laravel
I want to create a function or something like a Cron that executes a link (in Laravel), with something like a password. I've got two solutions. But which one is better to use:
Option 1 (hash):
<?php
// Page 1
$salt = "my-random-hash";
$key = hash('sha256', date('Y-m-d').$salt);
// <-- Insert go to page and send GET with $key code here
// Page 2
$salt = "my-random-hash";
$key = hash('sha256', date('Y-m-d').$salt);
if ($key == $pageOneKey) {
// Execute some code
}
Option 2 (bcrypt):
<?php
// Page 1
$key = Crypt::encrypt(date('Y-m-d'));
// <-- Insert go to page and send GET with $key code here
// Page 2
$key = date('Y-m-d');
$pageOneKey = Crypt::decrypt($key);
if ($key == $pageOneKey) {
// Execute some code
}
This code has been described broadly. With better to use i mean safer / more secure, or something in that trance. Thanks!
Answer
Your second option isn't bcrypt. Laravel's Crypt class uses AES encryption.
As stated in the documentation:
Laravel provides facilities for strong AES encryption via the Mcrypt PHP extension.
As far as I can tell you don't need to be able to decrypt the data, to reverse the encryption. Therefore you should definitely use a hashing algorithm like sha256 in your first option. However Laravel ships with a pretty good hashing class already so why not use that.
Option 3 (Laravel Hash, Bcrypt)
$hash = Hash::make('secret');
$input = 'secret';
if(Hash::check($input, $hash)){
// the input matches the secret
}
Note that you have to use Hash::check() for comparing. You can't just create another hash with Hash::make() and compare them. The generated hash contains a random component, so even if it's the same secret, Hash::make() will produce a different hash every time.