I am developing an application in PHP Laravel. It uses bcrypt encryption to store passwords. I want to keep the history of hashes whenever the user changes the password. By doing this I want to stop user entering the previous passwords in some scenarios. Is it safe to keep the history of hashes?
I am using built-in functions. I do not know much about this encryption. According to my observation, if a user changes his password and keeps it the same as a previous one, the hash values come out different. How can I stop him from keeping the same password as one from the previous history? Is it possible while using bcrypt encryption?
Yes that's totally safe. You can compare the new password with your older hashes using Hash::check(). For example like this ($hashes being an array of old hashes):
use Illuminate\Support\Facades\Hash;

$newPassword = 'secret';

// $hashes holds the user's previous bcrypt hashes
foreach ($hashes as $hash) {
    // Hash::check() re-hashes $newPassword with the salt stored inside $hash,
    // so it matches even though every stored hash looks different
    if (Hash::check($newPassword, $hash)) {
        exit('Sorry can\'t use the same password twice');
    }
}
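As an added example (not part of the answer above and not Laravel's own code), the following plain-PHP script shows why the questioner sees different hashes for the same password and how a bounded history check works anyway. It uses password_hash() and password_verify(), the core PHP functions that Laravel's Hash facade wraps for bcrypt; the HISTORY_LIMIT constant and the rotatePassword() helper are assumptions made for this example.

```php
<?php
// Added example, not from the original answer. Uses core PHP bcrypt
// functions; Laravel's Hash::make()/Hash::check() sit on top of these.

const HISTORY_LIMIT = 5;   // assumed policy: retain this many previous hashes
const BCRYPT_COST   = 10;  // assumed work factor

/**
 * Two bcrypt hashes of the same password differ because each call draws a
 * fresh random salt and embeds it in the output string. Verification still
 * succeeds for both, since password_verify() reads the salt back out.
 */
function sameInputGivesDifferentHashes(string $password): bool
{
    $h1 = password_hash($password, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
    $h2 = password_hash($password, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);

    return $h1 !== $h2
        && password_verify($password, $h1)
        && password_verify($password, $h2);
}

/**
 * Returns true if $candidate matches any hash in $history. Each iteration
 * costs one full bcrypt computation, which is why the history stays small.
 */
function wasUsedBefore(string $candidate, array $history): bool
{
    foreach ($history as $oldHash) {
        if (password_verify($candidate, $oldHash)) {
            return true;
        }
    }
    return false;
}

/**
 * Rotates the password: rejects reuse, hashes the new value, appends it to
 * the history and keeps only the most recent HISTORY_LIMIT entries.
 * Returns the updated history, or null when the new password is rejected.
 */
function rotatePassword(string $newPassword, array $history): ?array
{
    if (wasUsedBefore($newPassword, $history)) {
        return null;
    }
    $history[] = password_hash($newPassword, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
    return array_slice($history, -HISTORY_LIMIT);
}

// Constructed walkthrough with made-up passwords
$history = [];
$history = rotatePassword('first-pass', $history);
$history = rotatePassword('second-pass', $history);

var_dump(sameInputGivesDifferentHashes('first-pass'));
var_dump(rotatePassword('first-pass', $history) === null);  // reuse is rejected
var_dump(rotatePassword('third-pass', $history));           // accepted, history grows
```

The user's current hash belongs in the history as well, otherwise "changing" to the same password slips through. Keeping the history bounded matters for two reasons: every entry costs one bcrypt verification on each password change, and every stored hash is one more target if the user table ever leaks, so retain only as many as the reuse policy actually needs.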