Encryption and Hashing

Updated: May 10, 2020 — 1 min Read#quick-dip

As we mentioned earlier, APP_KEY has nothing to do with hashing passwords. It's used for encrypting and decrypting values in your application. Encryption and hashing are two different things.

Encryption works by scrambling data, only a person with the encryption key can unscramble it. Hashing, on the other hand, works by converting data into a fixed size string that cannot be reverted back to its original value.

Laravel uses hashing to store passwords in your database. If the user provided value is "secret", Laravel will store the following in the database:

$2y$10$KhNRpDYd.UpZZikSLyTlf.hzQAPetwHzWPQkZhyPI3G2PIOI5Qdd2

There's no way we can know the original value. However, the next time the user signs in we can compare the password he provides with the password he chose when he signed up. If the check passes, that means the user has provided the correct password.

Hash::check(
  $input,
  '$2y$10$KhNRpDYd.UpZZikSLyTlf.hzQAPetwHzWPQkZhyPI3G2PIOI5Qdd2'
);

You can hash values anywhere in your code by using the Hash facade:

Hash::make('value');

For more information on Hashing, Encryption, and Digital Signatures. Check this short video:


Hey! 👋 If you want to receive updates on what I'm up to, I host a newsletter on my website themsaid.com and would love to have you.

You can also follow me on Twitter, I regularly post about all things Laravel including my latest video tutorials and blog posts.

By Mohamed Said

Hello! I'm a full-stack web developer working at Laravel. In this publication, I share everything I know about Laravel's core, packages, and tools.

You can find me on Twitter and Github.

This site was built using Wink. Follow the RSS Feed.