14
Finally stopped copy-pasting code from Stack Overflow for my login form
I used to just grab snippets and tweak them until they worked, but last week I wrote my own authentication logic from scratch. It took me 3 tries to get the password hashing right with bcrypt, but I actually understand what each line does now. Has anyone else hit that point where writing your own code finally clicked?
3 comments
stellat461d ago
Wait, you wrote your own bcrypt implementation from scratch? Like you didn't even use a library? That's crazy man, I can't even get the standard library one to spit out the right hash half the time without triple checking the docs.
1
phoenix_martin401d ago
Man I've been there with the standard library thing, especially with the salt generation and cost factor. The trick that finally clicked for me was writing a test that checks the hash against a known password and then immediately verifying it with the same function - if it passes that, you know your implementation is right for that specific edge case. I also found that triple-checking the raw bytes vs the base64 encoding is where most of my bugs happened, like accidentally mixing up the order of the salt and the hash in the output. Once I got that sorted, it was actually easier to debug my own code than to fight with the library docs every time I needed to change anything.
3
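The salt/hash ordering and raw-bytes-versus-base64 points in the comment above, as an added example that is not code from anyone in this thread: a standard-library parser for the 60-character bcrypt hash string, which stores version, cost, 22 characters of salt, then 31 characters of digest, encoded with bcrypt's own base64 alphabet. The names `parse_bcrypt` and `BcryptHash` are made up for this example, and `SAMPLE` is a string in bcrypt's format used only for its layout.

```python
import base64
import re
from typing import NamedTuple

# bcrypt's base64 alphabet starts with "./" and differs from RFC 4648,
# so a stock base64 decoder gives wrong bytes unless the text is remapped.
_BCRYPT_ALPHABET = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
_STD_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
_TO_STD = str.maketrans(_BCRYPT_ALPHABET, _STD_ALPHABET)

# $<version>$<2-digit cost>$<22-char salt><31-char digest>
_HASH_RE = re.compile(
    r"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})"
)


class BcryptHash(NamedTuple):
    version: str
    cost: int
    salt_b64: str
    salt_raw: bytes      # 16 bytes
    digest_b64: str
    digest_raw: bytes    # 23 bytes


def _decode(text: str) -> bytes:
    """Decode bcrypt-alphabet base64 (stored unpadded) to raw bytes."""
    padded = text.translate(_TO_STD) + "=" * (-len(text) % 4)
    return base64.b64decode(padded)


def parse_bcrypt(encoded: str) -> BcryptHash:
    """Split a bcrypt hash string into its fields; salt comes before digest."""
    m = _HASH_RE.fullmatch(encoded)
    if m is None:
        raise ValueError("not a 60-character bcrypt hash string")
    version, cost, salt, digest = m.groups()
    if not 4 <= int(cost) <= 31:
        raise ValueError(f"cost factor out of range: {cost}")
    return BcryptHash(version, int(cost), salt, _decode(salt), digest, _decode(digest))


# Sample string in bcrypt's format; only its layout matters here.
SAMPLE = "$2a$12$R9h/cIPz0gi.URNNX3kh2OPST9/PgBkqquzi.Ss7KIUgO2t0jWMUW"

if __name__ == "__main__":
    print(parse_bcrypt(SAMPLE))
```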
nelson.wren1d ago
Pretty sure bcrypt itself isn't a standard library thing. Different libraries, different headaches.
5