
How can I make bcrypt in php and jbcrypt in java compatible

I want to make a register page in PHP, hash the password with bcrypt, and put it in the database.

I also want to make a login system in Java, and get the password in the same password, using jbcrypt.

How can I make jbcrypt and bcrypt in PHP compatible, with the same salt?

Sandro Medeiros asked Apr 05 '26 16:04


2 Answers

You can check this out:

https://github.com/ircmaxell/password_compat/issues/49

That worked for me:

import org.mindrot.jbcrypt.BCrypt; // jBCrypt

public class Main {
    public static void main(String[] args) {
        // Laravel bcrypt output, with the PHP "2y" version tag swapped for the "2a" that jBCrypt accepts
        String hash_php = "$2y$10$ss9kwE8iSIqcJOAPhZR0Y.2XdYXJTFJ1/wGq6SUv74vULE7uhKUIO".replaceFirst("2y", "2a");
        System.out.println("hash php " + hash_php);
        //String a_hash = BCrypt.hashpw("123456", BCrypt.gensalt());
        //System.out.println("Encrypt " + a_hash);
        // checkpw() re-hashes the candidate password with the salt and cost stored in the hash
        if (BCrypt.checkpw("123456", hash_php)) {
            System.out.println("It matches");
        } else {
            System.out.println("It does not match");
        }
        //mtPruebaRecuperarClave();
    }
}

Console output:

[1]

I hope that helps you.

Cristian David Ippolito answered Apr 08 '26 05:04


The problem is that PHP with its password_hash() has its own version scheme, due to the fact that previous implementations had breaking bugs and it should be possible to recognize the old hashes.

So the version used by OpenBSD is $2a$ (will be $2b$ in future releases) and password_hash() uses $2y$ (previously $2x$), so of course the hash will not match, e.g.

$2y$10$ss9kwE8iSIqcJOAPhZR0Y.2XdYXJTFJ1/wGq6SUv74vULE7uhKUIO

vs

$2a$10$ss9kwE8iSIqcJOAPhZR0Y.2XdYXJTFJ1/wGq6SUv74vULE7uhKUIO

(see the Wikipedia article for more info on the versions)

Currently jBcrypt (0.4) only supports $2a$.

There are 2 possibilities:

1. Replace the version identifier manually before passing it to jBcrypt (hack)

// replaceFirst() takes a regex, so every '$' must be escaped in both the pattern and the replacement
String hash_php = "$2y$10$ss9kwE8iSIqcJOAPhZR0Y.2XdYXJTFJ1/wGq6SUv74vULE7uhKUIO".replaceFirst("^\\$2y\\$", "\\$2a\\$");

2. Use a different implementation supporting custom version identifiers

This is the reason I implemented a new library for bcrypt (based on jBcrypt). https://github.com/patrickfav/bcrypt

Just use it like this (it does not verify the version by default; you can use verifyStrict() in that case):

BCrypt.Result result = BCrypt.verifyer().verify(password.toCharArray(), "$2y$10$ss9kwE8iSIqcJOAPhZR0Y.2XdYXJTFJ1/wGq6SUv74vULE7uhKUIO");
if (result.verified) {...}

If you want bcrypt to create $2y$ hashes:

// The first argument is the cost factor; 10 matches the $10$ field of the example hash
String bcryptHash = BCrypt.with(BCrypt.Version.VERSION_2Y).hashToString(10, password.toCharArray());
// $2y$10$ss9kwE8iSIqcJOAPhZR0Y.2XdYXJTFJ1/wGq6SUv74vULE7uhKUIO

Full Disclaimer: I'm the author of bcrypt

Patrick Favre answered Apr 08 '26 04:04
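
The prefix swap from option 1, as an added example (not code from either answer, jBCrypt or the bcrypt library): it checks the stored hash's layout before relabelling `$2y$` as `$2a$`, and builds the result by concatenation so no `$` has to be escaped. The class and method names are hypothetical, and refusing `$2x$` and `$2b$` instead of relabelling them is a choice made for this example.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class PhpBcryptPrefix {
    // bcrypt modular-crypt layout: $2<variant>$<2-digit cost>$<22-char salt><31-char digest>
    private static final Pattern BCRYPT =
            Pattern.compile("^\\$2([abxy])\\$(\\d{2})\\$([./A-Za-z0-9]{53})$");

    /** Returns the hash with a $2a$ prefix, or throws if it is not a well-formed $2a$/$2y$ hash. */
    static String toJbcryptFormat(String storedHash) {
        Matcher m = BCRYPT.matcher(storedHash);
        if (!m.matches()) {
            // Truncated database column, wrong algorithm, stray whitespace, ...
            throw new IllegalArgumentException("not a bcrypt hash");
        }
        String variant = m.group(1);
        int cost = Integer.parseInt(m.group(2));
        if (cost < 4 || cost > 31) { // cost range allowed by the bcrypt format
            throw new IllegalArgumentException("cost out of range: " + cost);
        }
        // Only the password_hash() variant ($2y$) and $2a$ itself are accepted.
        if (!variant.equals("y") && !variant.equals("a")) {
            throw new IllegalArgumentException("unsupported variant $2" + variant + "$");
        }
        // Plain concatenation: the cost, salt and digest are carried over untouched.
        return "$2a$" + m.group(2) + "$" + m.group(3);
    }

    public static void main(String[] args) {
        // Hash quoted in the answers above
        String php = "$2y$10$ss9kwE8iSIqcJOAPhZR0Y.2XdYXJTFJ1/wGq6SUv74vULE7uhKUIO";
        System.out.println("for jBCrypt: " + toJbcryptFormat(php));

        // An unescaped "$2y$" is a regex in which '$' is an end-of-input anchor,
        // so it matches nothing and the original string comes back unchanged.
        String unescaped = php.replaceFirst("$2y$", "$2a$");
        System.out.println("unescaped replaceFirst changed the hash: " + !unescaped.equals(php));

        // Constructed malformed input: a hash cut short by a too-narrow column.
        try {
            toJbcryptFormat(php.substring(0, 50));
        } catch (IllegalArgumentException e) {
            System.out.println("rejected truncated hash: " + e.getMessage());
        }
    }
}
```

The returned string can then be passed to jBCrypt's `BCrypt.checkpw()` in place of the stored value.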


