I am facing a problem that's literally driving me nuts. Following scenario is given:
- Application A - Manages the users
- pw created using Bcrypt(), cost 14
- Application B - fetches the User-Data and stores it inside it's local db
- pw verified through bcrypt(), cost 14
Bcrypt implementation via Zend\Crypt\Password\Bcrypt
So, whenever I create a fixed password on App A, synchronize them, authentication on App B works.
However, whenever I create a random password on App A, synchronize them, authentication on App B just won't work.
I pass the password created through a session to a front-end after a redirect.
$password = (string) rand(2938, 9578);
//$password = '12345678';
$bcrypt = new Bcrypt();
$bcrypt->setCost(14);
$entity->setPassword($bcrypt->create($password));
$entityService->save($entity);
$this->flashMessenger()->setNamespace('MpuServerUser')->addSuccessMessage(
"Benutzer-PIN erfolgreich erneuert. PIN: {$password}"
);
return $this->redirect()->toRoute('mpuserveruser');
As you can see that's the part that I'm facing troubles with. Whenever I create a new password for a User with a given string '123456'
, there are no problems, whatsoever.
But when I use the uncommented part $password = (string) rand(2938, 9578);
the password I'm getting on my front-end won't authenticate.
There's no differences between trying with rand()
or mt_rand()
. Anyone any idea what the heck is going on here? ^^
Update - apparently only passwords that are of 6 chars or longer do work. Even if I set a predefined password of only 4 letters, it won't work.