Encryption and Hashing

Updated: Feb 3, 2020 — 1 min Read#quick-dip

As we mentioned earlier, APP_KEY has nothing to do with hashing passwords. It's used for encrypting and decrypting values in your application. Encryption and hashing are two different things.

Encryption works by scrambling data, only a person with the encryption key can unscramble it. Hashing, on the other hand, works by converting data into a fixed size string that cannot be reverted back to its original value.

Laravel uses hashing to store passwords in your database. If the user provided value is "secret", Laravel will store the following in the database:

$2y$10$KhNRpDYd.UpZZikSLyTlf.hzQAPetwHzWPQkZhyPI3G2PIOI5Qdd2

There's no way we can know the original value. However, the next time the user signs in we can compare the password he provides with the password he chose when he signed up. If the check passes, that means the user has provided the correct password.

Hash::check(
  $input,
  '$2y$10$KhNRpDYd.UpZZikSLyTlf.hzQAPetwHzWPQkZhyPI3G2PIOI5Qdd2'
);

You can hash values anywhere in your code by using the Hash facade:

Hash::make('value');
By Mohamed Said

Hello! I'm a full-stack web developer working at Laravel. In this publication, I share everything I know about Laravel's core, packages, and tools.

You can find me on Twitter and Github.

Join the mailing list

If you like this article, you may want to consider joining the mailing list to receive new content once it is posted.
This site was built using Wink. Follow the RSS Feed.