I encounter problem when I try to use this project
This
<?php
require_once("lib/password.php");
echo password_hash("how_are_you", PASSWORD_BCRYPT) . "<br/>";
echo password_hash("how_are_you", PASSWORD_BCRYPT) . "<br/>";
echo password_hash("how_are_you", PASSWORD_BCRYPT) . "<br/>";
echo password_hash("how_are_you", PASSWORD_BCRYPT) . "<br/>";
echo password_hash("how_are_you", PASSWORD_BCRYPT) . "<br/>";
echo password_hash("how_are_you", PASSWORD_BCRYPT) . "<br/>";
echo password_hash("how_are_you", PASSWORD_BCRYPT) . "<br/>";
echo password_hash("how_are_you", PASSWORD_BCRYPT) . "<br/>";
echo password_hash("how_are_you", PASSWORD_BCRYPT) . "<br/>";
echo password_hash("how_are_you", PASSWORD_BCRYPT) . "<br/>";
gives me :
$2y$10$7Tv8qkqYByD6XOy1ZVh97OfqrZmeVGxkK1KAtOQOQQvotLY6YsLPm
$2y$10$UlV2D6cSiN1OxZhwPwTdq.le/bI2p1ZPAi0s6ZZALR2OIjxiKSXBi
$2y$10$mdEfoCiAM83gfM3dkdSID.oPPsdWCszDiN3CxiaC4htALeDIb34tO
$2y$10$TOrANsMbfWEdA6asD//yYuA4.fckGHxnFgg0EmC8vPI6.hcfjrKZ.
$2y$10$itBEZCBZzkxunZmamRzjiu8YtM0H71pADPDVwomLep/DSHHdRmd16
$2y$10$xV8fQhFw/v3NBnMvgHw8P.eaIL/1oEdZ2/gx4QmC.CNT.5hG5LQc2
$2y$10$XXdEEhSxfwH6f6OBIKSScOa0JRhe4kaKphWfHOct/nbbw1JjFkO3y
$2y$10$RXGVYn5KcWB.O0Owv8fk0e.LDcZn2RhgoE4Q3fFjnNL6tLYk8Chj6
$2y$10$R62hVVqydGW0raQR5O2QW.BEaMIrdpXgPBbKH9OKIHh2e0Cwtd//u
$2y$10$I0Kf8JHpTb5QbYoUssTBP.Hch4dZWdmL.CGzgKYf4cpGfHIL6vuWa
However, results should be the same.
Environment:
No, the results shouldn't be the same because each occurrence uses a different salt, that's one of the features that makes it a lot harder to crack, because every user password, and every reset password has a different salt value. It makes it almost impossible to use rainbow tables to brute force passwords
That's why you use password_verify() to match the user-entered password with the stored password, rather than re-use password_hash() again