Reputation: 326
I have a running application that uses client-side SHA-256 hashing.
I would like to use Laravel's server-side bcrypt hashing instead.
My strategy is to wrap all passwords with bcrypt, so I have bcrypt(sha256('password')), and then rehash the password when the user attempts to log in, so I simply have bcrypt('password').
My problem is authenticating the user when they try to log in with a SHA-256 password.
I try to authenticate them by running
if (hash('sha256', 'password' . 'salt') == $stored_pw)
But with no luck. I'm only fairly certain that the client-side hashing simply appends the salt, and I'm unsure if Laravel's hash function adds a salt of its own.
Here's a hash created by the client from the password 1234567: $5$a0FpUG9JUgkj1d6H$eSSzXebYU87wPAWSTRJGyWw/kOMgDvPqcri4CI1QCV0
I am trying to recreate the same hash using the salt, the password, and Laravel's hashing functions.
How do I specify that the SHA-256 function should use a specific salt?
Upvotes: 4
Views: 22109
Reputation: 101
Laravel has dedicated Facade Support for this:
use Illuminate\Support\Facades\Hash;

$hash = Hash::make($string);

if (Hash::check($stringYouWantToCompare, $hash)) {
    return true; // Valid
} else {
    return false; // Invalid
}
Upvotes: 4
Reputation: 3692
I use a helper
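use Illuminate\Support\Str;

if (!function_exists('genSSH512')) {
    // Returns base64(sha512(value . salt) . salt) with a random 8-character salt.
    function genSSH512($value)
    {
        $salt = Str::random(8);
        return base64_encode(hash('sha512', $value.$salt, true).$salt);
    }
}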
Upvotes: 3
Reputation: 6005
Try:
use phpseclib\Crypt\Hash;
or
use Hash;
\Hash::make($request->password);
or
$hash = Hash::make('secret');
$input = 'secret';
if (Hash::check($input, $hash)) {
    // the input matches the secret
}
Upvotes: 6
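The hash quoted in the question starts with `$5$`, the prefix PHP's `crypt()` uses for SHA-256 crypt hashes, so it cannot be rebuilt with `hash('sha256', $password . $salt)`. The following is an added example, not code from any of the posts above: it verifies such a legacy hash and replaces it with bcrypt on a successful login, using PHP's built-in password functions so it runs without Laravel. It assumes the server receives the plaintext password; the function name `verifyAndUpgrade`, the `$users` array and the sample password and salt are constructed for illustration.

```php
<?php
// Added example: migrate SHA-256 crypt ($5$) hashes to bcrypt at login.
// $users is a constructed in-memory stand-in for the users table.

function verifyAndUpgrade(array &$users, string $name, string $password): bool
{
    if (!isset($users[$name])) {
        return false;
    }
    $stored = $users[$name];

    if (strncmp($stored, '$5$', 3) === 0) {
        // Legacy format: crypt() reads the salt (and rounds, if present)
        // back out of the stored string and hashes the input the same way.
        // hash_equals() compares the two strings in constant time.
        $ok = hash_equals($stored, crypt($password, $stored));
    } else {
        // bcrypt and any other password_hash() format.
        $ok = password_verify($password, $stored);
    }

    if ($ok && password_needs_rehash($stored, PASSWORD_BCRYPT)) {
        // The plaintext is only available during login, so upgrade now.
        $users[$name] = password_hash($password, PASSWORD_BCRYPT);
    }

    return $ok;
}

// Constructed sample data: a legacy hash built with a fixed 16-character salt.
$users = ['alice' => crypt('constructed-password', '$5$constructedsalt1$')];

// A wrong password fails and leaves the stored legacy hash untouched.
var_dump(verifyAndUpgrade($users, 'alice', 'wrong-password'));
var_dump(substr($users['alice'], 0, 3));

// The correct password succeeds and the stored hash becomes bcrypt.
var_dump(verifyAndUpgrade($users, 'alice', 'constructed-password'));
var_dump(password_get_info($users['alice'])['algoName']);

// Later logins are verified against the bcrypt hash.
var_dump(verifyAndUpgrade($users, 'alice', 'constructed-password'));
```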