As we mentioned earlier, APP_KEY has nothing to do with hashing passwords. It's used for encrypting and decrypting values in your application. Encryption and hashing are two different things.
Encryption works by scrambling data so that only a person with the encryption key can unscramble it. Hashing, on the other hand, works by converting data into a fixed-size string that cannot be reverted to its original value.
Laravel uses hashing to store passwords in your database. If the user-provided value is "secret", Laravel will store the following in the database:
$2y$10$KhNRpDYd.UpZZikSLyTlf.hzQAPetwHzWPQkZhyPI3G2PIOI5Qdd2
There's no way we can know the original value. However, the next time the user signs in, we can compare the password they provide against the stored hash of the password they chose when they signed up. If the check passes, the user has provided the correct password.
Hash::check(
$input,
'$2y$10$KhNRpDYd.UpZZikSLyTlf.hzQAPetwHzWPQkZhyPI3G2PIOI5Qdd2'
);
You can hash values anywhere in your code by using the Hash facade:
Hash::make('value');
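The difference between the two operations, shown as an added example in plain PHP (not code from this article or from Laravel itself). It uses PHP's native password and OpenSSL functions; the random `$key` stands in for a decoded APP_KEY, and AES-256-GCM is chosen here for illustration only.

```php
<?php
// Added example: plain PHP, no Laravel required. All values are constructed.

// --- Hashing: one-way, salted, checked by recomputation ---
$password = 'secret';
$hashA = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
$hashB = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);

// Same input, different output: each hash embeds its own random salt,
// so identical passwords do not produce identical database rows.
var_dump($hashA === $hashB);

// Verification re-hashes the candidate with the salt and cost stored in the hash.
var_dump(password_verify('secret', $hashA));
var_dump(password_verify('Secret', $hashA));

// The stored string is self-describing: algorithm and cost can be read from it.
$info = password_get_info('$2y$10$KhNRpDYd.UpZZikSLyTlf.hzQAPetwHzWPQkZhyPI3G2PIOI5Qdd2');
echo $info['algoName'], ' cost=', $info['options']['cost'], PHP_EOL;

// At login time a stored hash can be tested against a newer work factor.
var_dump(password_needs_rehash($hashA, PASSWORD_BCRYPT, ['cost' => 12]));

// --- Encryption: two-way, and only as secret as the key ---
$key = random_bytes(32); // assumption: stands in for the decoded APP_KEY
$iv  = random_bytes(12); // fresh nonce per message
$ciphertext = openssl_encrypt('secret', 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);

// With the key, the original value comes back unchanged.
var_dump(openssl_decrypt($ciphertext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag));

// With a different key, authentication fails and decryption returns false.
$wrongKey = random_bytes(32);
var_dump(openssl_decrypt($ciphertext, 'aes-256-gcm', $wrongKey, OPENSSL_RAW_DATA, $iv, $tag));
```

Anyone who obtains the key can recover every encrypted value, whereas a leaked password hash still has to be guessed one candidate at a time.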
For more information on hashing, encryption, and digital signatures, check this short video: