Android Question How to generate a $2y$ hashed data

[toby]

I need a function at B4A side to generate a hashed data, same as php's password_hash() does (Bcrypt, random salt), so that at my server side I can use php's password_verify() to verify that this is indeed one of my own requests before granting access to mysql database.

Any helps/tips would be greatly appreciated.

 

[DonManfred]

    Dim bc As BCrypt
    Dim hash As String = bc.hashpw("Test",bc.gensalt)
    Log(hash) ' $2a$10$2OA3heI7jImo7SFlFrfSK.9z6K7fF3Ny3vw3CZ3u24QvkRDSPYE6u

I tried the generated hash with PHP. password_verify returns TRUE

$pw = "$2a$10$2OA3heI7jImo7SFlFrfSK.9z6K7fF3Ny3vw3CZ3u24QvkRDSPYE6u";
if (password_verify("Test",$pw) == true){
  echo "password_verify returns TRUE";
} else {
  echo "password_verify returns FALSE";
}

 

[toby]

I've verified that it works. I also notice that they returns different prefix.


=============== ===================
php's password_hash(): $2y$
bcrypt's hashwp(): $2a$

I'm not sure if that's important. Here you can learn more about prefixes : https://en.wikipedia.org/wiki/Bcrypt

 

[DonManfred]

I also notice that they returns different prefix.


=============== ===================
php's password_hash(): $2y$
bcrypt's hashwp(): $2a$

I'm not sure if that's important.

The question was about a method which can be used in PHPs password_verify.
This is given.

If PHP was not able to understand the prefix then it would have returned false i guess.