<?php function myhash(string $pwd): string { // Use md5 to make sure arbitrary length passwords are represented fully and not truncated. return password_hash(md5($pwd, true), PASSWORD_BCRYPT); } function myverify(string $pwd, string $hash): bool { return password_verify(md5($pwd, true), $hash); } var_dump(md5('mj'), md5('oq')); $hash = myhash('mj'); // Original password 'mj' is not the same as attack password 'oq', but they verify. var_dump(myverify('oq', $hash));
You have javascript disabled. You will not be able to edit any code.