labas GamePage visogero February 2016

Does Laravel safely hash user passwords?

So I'm running a project created with Laravel 5.1, and one guy told me that the passwords are not secure, something like hashes aren't used, etc. But I can clearly see in this function that passwords are bcrypted:

protected function create(array $data)
{
    return User::create([
        'name' => $data['name'],
        'email' => $data['email'],
        'password' => bcrypt($data['password']),

    ]);
}

And the passwords are also stored in the DB as bcrypted. Should I be worried about his words?

Answers


patricus February 2016

Default Laravel Auth requires passwords to be bcrypted, as you've shown in your code. bcrypt is an industry standard one-way password hash and is very good.

If you roll your own authentication, we can't control how you handle your password hashing. But default Laravel Auth is secure.
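
What "bcrypted" means for the stored column, as an added example that is not from the original thread: plain PHP (Laravel's bcrypt() helper wraps password_hash()) showing the salt and cost embedded in each hash, verification from the stored string alone, and a check for values that are not bcrypt at all. The function name inspectStoredPassword and the sample password are constructed for illustration.

```php
<?php
// Added example, not code from the thread or from Laravel itself.

/**
 * Describe a stored password value, or return null if it is not a bcrypt hash.
 * (Hypothetical helper name, introduced for this example.)
 */
function inspectStoredPassword(string $stored): ?array
{
    $info = password_get_info($stored);
    if ($info['algoName'] !== 'bcrypt') {
        return null; // plaintext, MD5, SHA-1 and similar end up here
    }
    // Layout of a bcrypt string: "$2y$" + 2-digit cost + "$" + 22-char salt + 31-char digest.
    return [
        'cost'   => $info['options']['cost'],
        'salt'   => substr($stored, 7, 22),
        'length' => strlen($stored), // 60 for a well-formed hash
    ];
}

$password = 'correct horse battery staple'; // constructed sample input

// Same call shape that bcrypt($data['password']) makes with the default cost of 10.
$hashA = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
$hashB = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);

// Two hashes of one password differ, because each gets its own random salt.
var_dump($hashA === $hashB);

// Verification reads the salt and cost back out of the stored string.
var_dump(password_verify($password, $hashA));
var_dump(password_verify($password, $hashB));
var_dump(password_verify('wrong guess', $hashA));

// Audit check for a DB column: a bcrypt value is recognised, anything else is flagged.
var_dump(inspectStoredPassword($hashA));
var_dump(inspectStoredPassword(md5($password))); // unsalted fast hash: not bcrypt
var_dump(inspectStoredPassword($password));      // plaintext: not bcrypt

// If the cost is raised later, old hashes can be detected and re-hashed at next login.
var_dump(password_needs_rehash($hashA, PASSWORD_BCRYPT, ['cost' => 12]));
```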


Jilson Thomas February 2016

If you are not using Laravel's inbuilt Authentication, use Laravel's Hash class: Hash::make($data['password']). But in your case, it looks solid and you don't have to worry about hashing again.


Ralph John Galindo February 2016

You can read https://laravel.com/docs/5.1/installation#configuration about the Application Key. Because of bcrypt, you can only decrypt a password where it was encrypted.

I am not saying that it is perfectly safe, but even if someone knows how bcrypt works, if they don't know the encryption key, they will have a hard time decrypting it.

So make sure to php artisan key:generate, if you are not using .env configuration file.

Post Status

Asked in February 2016
Viewed 3,100 times
Voted 14
Answered 3 times
