How To Spend 8 Hours On 2 Lines of Code

What I thought would be a 10-minute job to migrate a few lines of PHP code to Go turned into an 8-hour marathon of thought and discovery. I needed to move our password hash checking code.

This is really a story about how PHP’s crypt() works (or doesn’t) and why it’s never a good idea to try and generate your own cryptographically secure salts.

You may find this useful if you also need to deal with hashing passwords (granted, there are a lot of other better ways to do this) or you just feel like a few “What the!? Ah ha!” moments.

If the code comment is doing its job, I shouldn’t need to explain any further…

Originally published at on July 25, 2018.

Written by

I’m a data nerd and TDD enthusiast originally from Sydney. Currently working for Uber in New York. My thoughts here are my own. 🤓
