I have a simple question about encryption using bcrypt with salt.
In old projects where I used md5, to verify in a login form whether the user had entered the correct password and to authenticate them, it was usual to take the value the user typed, encrypt it with md5 and look it up in the DB.
But since that does not work with bcrypt, which uses a random salt, I did the following:
I take the email or CPF the user typed into the login field, look up the corresponding record in the DB, and use the password stored in the DB (the hash) as the salt and the password entered by the user as the string in `crypt($string, $salt)`, then compare the function's return value with the password stored in the DB; by that logic the function must generate exactly the same hash.
Here is a piece of my code so you can better understand what I'm talking about:
```php
<?php
// Assumes $con is an already-open PDO connection
$login = isset($_POST['login']) ? $_POST['login'] : '';
$senha_digitada = isset($_POST['senha']) ? $_POST['senha'] : '';

// Example of the lookup by CPF
$buscar = $con->prepare("SELECT * FROM usuarios WHERE cpf = :cpf");
$buscar->bindValue(":cpf", $login);
$buscar->execute();
$row = $buscar->fetch();
// Stores the password (hash) that is in the DB
$senha_armazenada = $row ? $row['senha'] : '';
// The comparison I am doing
if (crypt($senha_digitada, $senha_armazenada) === $senha_armazenada) {
    // login OK
}
```
And that's working, but I want to know if it's the right way to do it.
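The manual `crypt($typed, $storedHash)` check the question describes is the same operation PHP's built-in `password_verify()` performs, except that `password_verify()` compares the two strings in constant time. The following is an added example, not code from the original question, showing the built-in API next to a hardened version of the manual check. It assumes PHP 5.6 or later, a hypothetical PDO connection `$pdo`, and a `usuarios` table with `id`, `email` and `senha` columns; the sample password at the bottom is constructed for the demonstration.

```php
<?php
// Added example (not from the original question). Assumes PHP >= 5.6 so that
// password_hash(), password_verify(), password_needs_rehash() and hash_equals()
// exist. $pdo is a hypothetical PDO connection; the usuarios(id, email, senha)
// table is an assumption matching the question's schema.

const BCRYPT_COST = 12;

// Registration: let PHP generate the random salt and the bcrypt hash.
// The returned 60-character string ("$2y$12$" + 22-char salt + 31-char hash)
// is the only thing you store; the salt is embedded in it.
function hashPassword(string $plain): string
{
    return password_hash($plain, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
}

// The question's manual check, hardened: same crypt() trick, but the result is
// compared with hash_equals() (constant time) instead of ===, and a stored value
// that is not a bcrypt hash is rejected up front. crypt() returns a short
// failure string such as "*0" on a malformed salt, which can never match.
function manualVerify(string $typed, string $stored): bool
{
    if (strlen($stored) !== 60 || strncmp($stored, '$2y$', 4) !== 0) {
        return false;
    }
    return hash_equals($stored, crypt($typed, $stored));
}

// Login: password_verify() does the crypt()-with-stored-hash-as-salt step and
// the constant-time comparison for you. Unknown users are still run through a
// verification against a dummy hash so the response time does not reveal
// whether the e-mail exists.
function checkLogin(PDO $pdo, string $email, string $typed): bool
{
    static $dummyHash = null;
    if ($dummyHash === null) {
        $dummyHash = hashPassword('dummy-password-never-accepted');
    }

    $stmt = $pdo->prepare("SELECT id, senha FROM usuarios WHERE email = :email");
    $stmt->bindValue(':email', $email);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    $stored = $row ? $row['senha'] : $dummyHash;
    $ok = password_verify($typed, $stored);
    if (!$row || !$ok) {
        return false;
    }

    // Opportunistic upgrade: if the cost factor was raised since this hash was
    // made, rehash on a successful login while the plaintext is available.
    if (password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST])) {
        $upd = $pdo->prepare("UPDATE usuarios SET senha = :senha WHERE id = :id");
        $upd->execute([':senha' => hashPassword($typed), ':id' => $row['id']]);
    }
    return true;
}

// Self-contained demonstration with a constructed password; no database needed.
$hash = hashPassword('correct horse battery staple');
var_dump(manualVerify('correct horse battery staple', $hash));
var_dump(manualVerify('wrong password', $hash));
var_dump(password_verify('correct horse battery staple', $hash));
var_dump(manualVerify('correct horse battery staple', 'not-a-bcrypt-hash'));
```

Running the demonstration block prints true, false, true and false in that order: the manual check and `password_verify()` agree on the correct and wrong passwords, and the hardened manual check refuses a stored value that is not a bcrypt hash instead of feeding it to `crypt()`. In a real login handler `checkLogin()` is what you would call; `manualVerify()` is only there to show that the question's approach and the built-in one compute the same thing.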