<?php $a = base64_encode(random_bytes(54)); // 72 chars $b = $a . random_bytes(33); // Same 72 character prefix, with junk added after the end $hash = password_hash($a, PASSWORD_BCRYPT); // Since $b has junk added to the end, we'd expect this to return // bool(false) var_dump(password_verify($b, $hash));
You have javascript disabled. You will not be able to edit any code.