In web development and security, protecting user data is of paramount importance. When it comes to safeguarding sensitive information such as passwords, encryption and hashing are two fundamental techniques that every developer should be familiar with. Both use mathematical algorithms to transform data into a form that is unreadable to humans and (mostly) secure. In this blog, we’ll dive into the concepts of encryption and hashing.
Encryption is a technique used to transform data into an unreadable format, making it secure and confidential. Unlike a hash, however, encrypted data can be decrypted again in Laravel.
You can encrypt data with the encrypt() helper, as in the example below:
    $encryptedValue = encrypt('Hello World');

    // Result:
    // $encryptedValue = 'eyJpdiI6IitBcjVRanJTN3hTdnV6REdScVZFMFE9PSIsInZhbHVlIjoiZGcycC9pTmNKRjU3RWpmeW1GdFErdz09IiwibWFjIjoiODg2N2U0ZTQ1NDM3YjhhNTFjMjFmNmE4OTA2NDI0NzRhZmI2YTg5NzEwYjdmY2VlMjFhMGZhYzE5MGI2NDA3NCIsInRhZyI6IiJ9'
After encryption, we can decrypt this value with decrypt(), as in the example below:
    $encryptedValue = 'eyJpdiI6IitBcjVRanJTN3hTdnV6REdScVZFMFE9PSIsInZhbHVlIjoiZGcycC9pTmNKRjU3RWpmeW1GdFErdz09IiwibWFjIjoiODg2N2U0ZTQ1NDM3YjhhNTFjMjFmNmE4OTA2NDI0NzRhZmI2YTg5NzEwYjdmY2VlMjFhMGZhYzE5MGI2NDA3NCIsInRhZyI6IiJ9';

    $decryptedValue = decrypt($encryptedValue);

    // Result:
    // $decryptedValue = 'Hello World'
So, this is how we can encrypt and decrypt data in Laravel. We should use encryption when we need to decrypt the data later on, for example to show it somewhere.
Hashing is used to store passwords in Laravel, and it’s a one-way function. It’s impossible to retrieve the original password from the hash output, which makes it suitable for password storage.
Laravel’s Hash facade supports two kinds of hashing algorithms: “Bcrypt” and “Argon2”. By default, Laravel uses the “Bcrypt” algorithm, but you can change that later if you want to use another algorithm.
To get started with hashing a value, you can use Laravel’s Hash facade. Let’s see an example to get a better understanding.
    use Illuminate\Support\Facades\Hash;

    $hashedPassword = Hash::make('Hello World');

    // Result:
    // $hashedPassword = '$2y$10$xaKrneg7U4uRyifrluQfbuk/g53PKGXN4K1LSFI4D/W3CmH6rifRK'
You can also use the bcrypt() helper method to hash a value like this:
    $hashedPassword = bcrypt('Hello World');
As you know, we can’t decrypt $hashedPassword back to a normal string, so to verify a plain string against our hashed value, use the Hash::check() method, as in the example below:
    use Illuminate\Support\Facades\Hash;

    $plainTextPassword = 'Hello World';
    $hashedPassword = '$2y$10$xaKrneg7U4uRyifrluQfbuk/g53PKGXN4K1LSFI4D/W3CmH6rifRK';

    if (Hash::check($plainTextPassword, $hashedPassword)) {
        // The password does match...
    } else {
        // The password does not match...
    }
The Hash::check() method returns true if the plain text matches the hashed value; otherwise it returns false.
Besides make() and check(), the facade also provides the needsRehash() method to determine whether an older hashed password needs to be hashed again, for example because the hasher’s work factor has changed since the password was hashed.
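    // $plainTextPassword is only available while the user is logging in,
    // so run this right after a successful Hash::check().
    if (Hash::needsRehash($hashedPassword)) {
        $hashedPassword = Hash::make($plainTextPassword);
    }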
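The check-then-rehash flow described above, as an added example that is not part of the original article: it uses PHP's built-in password_* functions, which Laravel's Bcrypt hasher wraps, so it runs without a Laravel application. The $users array, the login() and storedCost() helpers and the cost values 10 and 12 are assumptions made for illustration.

```php
<?php
// Added example: plain PHP, no framework required.

const OLD_COST = 10; // cost factor visible in the article's sample hash ($2y$10$...)
const NEW_COST = 12; // hypothetical raised cost factor

// Constructed sample record, hashed under the old cost factor.
$users = [
    'alice' => password_hash('Hello World', PASSWORD_BCRYPT, ['cost' => OLD_COST]),
];

/**
 * Verify a login attempt and, on success, upgrade an outdated hash.
 * The plain-text password only exists during login, so this is the
 * one place where a rehash is possible.
 */
function login(array &$users, string $name, string $password): bool
{
    $stored = $users[$name] ?? null;
    if ($stored === null || !password_verify($password, $stored)) {
        return false; // unknown user or wrong password: never rehash here
    }
    if (password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => NEW_COST])) {
        // Persist the upgraded hash (in a real app: save it to the database).
        $users[$name] = password_hash($password, PASSWORD_BCRYPT, ['cost' => NEW_COST]);
    }
    return true;
}

/** Read the cost factor that is encoded in a stored bcrypt hash. */
function storedCost(string $hash): int
{
    return password_get_info($hash)['options']['cost'];
}

// A failed attempt must leave the stored hash untouched.
printf("wrong password accepted: %s\n", var_export(login($users, 'alice', 'nope'), true));
printf("cost after failed login: %d\n", storedCost($users['alice']));

// A successful attempt verifies against the old hash, then upgrades it.
printf("correct password accepted: %s\n", var_export(login($users, 'alice', 'Hello World'), true));
printf("cost after successful login: %d\n", storedCost($users['alice']));

// The upgraded hash still verifies the same password on the next login.
printf("next login accepted: %s\n", var_export(login($users, 'alice', 'Hello World'), true));
```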
Note: Only use hashing if you don’t need to get the original data back later.
Hopefully, reading this article has given you a basic understanding of encryption and hashing, the difference between them, and the confidence to use each according to your requirements.
For reference: Laravel