Bcrypt hashing depends on the password and the salt and (like any hashing algorithm) it is fully deterministic.
If the password and the salt are the same, the result will be the same. If either the password or the salt changes, the result will change.
When you use crypt($password, $hashedPassword), bcrypt is not using the hashed password as the salt. It is extracting the salt from the hashed password and then using that.
The result of crypt is $2y$number$salt-hashedpassword, so if you take the beginning of the hashed password you get the original salt.
Note how the result of crypt($password, $salt) starts with the value of $salt.
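The behaviour described above, as an added PHP example that is not part of the original text. The password and both salts are constructed sample values, and bcrypt_setting() and verify() are hypothetical helper names.

```php
<?php
// Added example. The password and salts are constructed sample values;
// bcrypt_setting() and verify() are hypothetical helper names.

// Setting prefix of a bcrypt hash: "$2y$" + two-digit cost + "$" + 22 salt
// characters = 29 characters. Everything after it is the digest.
function bcrypt_setting(string $hash): string
{
    return substr($hash, 0, 29);
}

// Re-hash the candidate with the setting that crypt() reads from the stored
// hash, then compare the two strings in constant time.
function verify(string $password, string $stored): bool
{
    return hash_equals($stored, crypt($password, $stored));
}

$password = 'correct horse battery staple';
$salt     = '$2y$10$abcdefghijklmnopqrstuu';   // fixed only to show determinism
$stored   = crypt($password, $salt);

echo "stored hash : $stored\n";
echo "setting     : ", bcrypt_setting($stored), "\n";

// Same password + same salt gives the same hash, whether the salt is passed
// directly or recovered from the front of the stored hash.
var_dump(crypt($password, $salt) === $stored);
var_dump(crypt($password, bcrypt_setting($stored)) === $stored);
var_dump(bcrypt_setting($stored) === $salt);

// Changing either the password or the salt changes the result.
var_dump(crypt('wrong password', $stored) === $stored);
var_dump(crypt($password, '$2y$10$ABCDEFGHIJKLMNOPQRSTUu') === $stored);

// Verification needs only the stored hash, because the salt travels inside it.
var_dump(verify($password, $stored));
var_dump(verify('wrong password', $stored));
```

The salt is hard-coded here only so the determinism is visible; for real password storage, password_hash() generates a random salt per password and password_verify() performs the same extract-and-compare step.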