How To Have The Same Password Compatible With Both Java And Php?
Solution 1:
Solution 2:
I am using laravel default password hasihing algorthim using bcrypt. My problem was to convert it same as in Java. I have achieved the same password using jbcrypt. For example:
Here laravel bcrypted password is = "$2y$08$rW76CEOBYmWzeANFqNOQyei8ArmYpacN6MIRjS55sgpT.6p/5eMv." I have taken that string in a variable
String a_hash = "$2y$08$rW76CEOBYmWzeANFqNOQyei8ArmYpacN6MIRjS55sgpT.6p/5eMv.";
And the following code gives me the matching password result:
if (BCrypt.checkpw(candidate, a_hash))
System.out.println("It matches");
else
System.out.println("It does not match");
I have used Damien Miller's BCrypt library to achieve this. These are the useful urls: http://www.mindrot.org/projects/jBCrypt/
Using jBCrypt to salt passwords in Android App causes a long hang
Using jBCrypt to salt passwords in Android App causes a long hang
Solution 3:
Firstly, we need to look at what the crypt function in PHP does. php.net states:
"crypt() will return a hashed string using the standard Unix DES-based algorithm or alternative algorithms that may be available on the system."
Let's assume it's DES, even though DES isn't a hashing algorithm.
Ok, so now we know what "hash" function is used, it's simply a case of implementing it another language (pedantry aside for now, hash functions should always return the same output given the same input).
Here is a link that shows how to implement DES in Java: http://www.mkyong.com/java/jce-encryption-data-encryption-standard-des-tutorial/
Aside, DES is badly broken and should be avoided. At minimum I would recommend SHA-2 for hashing. Additionally, you can't (again, pedantry aside) "decrypt" a hash as hash functions are one way.
Post a Comment for "How To Have The Same Password Compatible With Both Java And Php?"