Android Question [B4A] Invalid salt revision error using BCrypt

snich

Member
I'm having an issue checking BCrypt hashed passwords using this library: BCrypt - Create salted Hashes (compatible with PHP).
This error occurs when I'm checking the password:
Error:
(Exception) java.lang.Exception:  java.lang.IllegalArgumentException: Invalid salt revision

I created an online store (web/PHP) for a school project, now I'm assigned to make an app for it using B4A and I'm stuck with this problem.
The password is 'closa' and here is the hash:
Hash:
$2y$10$H1rGh3KLC3bhjpIGUYbkveZ2XmkNVjTqx2Mx6QPpOgbBwqSqde8Oa

The password was created using PHP's password_hash using PASSWORD_DEFAULT which is BCRYPT according to this link:
https://www.php.net/manual/en/function.password-hash.php

My PHP version is 7.4.26.
 

toby

Well-Known Member
Licensed User
Longtime User
you should provide a sample project that can be used to reproduce the problem
 
Upvote 0

snich

Member
you should provide a sample project that can be used to reproduce the problem
Yeah, I forgot to include my code. But, it was just a simple code. I grab the hashed password from the database and compare it to user's input.
B4X:
Sub Process_Globals
    Private Bcrypt As BCrypt
End Sub

Sub Service_Create
    Bcrypt.Initialize("Bcrypt")
End Sub

Sub UserLogin
    If Bcrypt.checkpw(PasswordFromInput, PasswordFromDatabase) = True Then 'I got the error from this line
        'Logic here
    Else
        ...
End Sub


I actually came up with an idea of recreating the hash using Bcrypt library and manually replace the user's passwords on the database with it so I can proceed coz I'm running out of time.
 
Upvote 0

DonManfred

Expert
Licensed User
Longtime User
Upload a small project showing the problem.
Hard to give any answer without knowing what code xou are using.

Are you setting a salt when generating the hash?
If so then please note
Warning
The salt option is deprecated. It is now preferred to simply use the salt that is generated by default. As of PHP 8.0.0, an explicitly given salt is ignored.
 
Upvote 0

snich

Member
Upload a small project showing the problem.
Hard to give any answer without knowing what code xou are using.

Are you setting a salt when generating the hash?
If so then please note
No salt.
I only did in PHP is this:
PHP:
$hashed = password_hash($password, PASSWORD_DEFAULT);
// then $hashed goes to the database
 
Upvote 0
Top