How to compare passwords in Java hashed by devise gem ruby on rails

Question

I am working on a task of authenticating users from mysql db. The user passwords are hashed by devise gem framework for Ruby on Rails.

Docs says it is also using BCrypt to hash the passwords. The problem with jBcrypt is that

BCrypt.checkpw("Google123",  "$2a$10$Qj.7VHa8tJcSFAU9eR1o8eCiXzFSkQPQxpODL971xKiDFbYjdaWyS"); // not working nor 
BCrypt.checkpw("test123test", "$2a$10$vGeVVu.E0XGjlNEa0xMCK.R0SEH0aFuyJpefrq01Axz6WSbHApPEu"); // is working. It always returns false.

Although it should return true since Google123 hashing is

$2a$10$Qj.7VHa8tJcSFAU9eR1o8eCiXzFSkQPQxpODL971xKiDFbYjdaWyS

using BCrypt algorithm.

Can you please help me fix this issue or should I look for some other Implementation of Bcrypt.

May be this will help you : http://stackoverflow.com/questions/277044/do-i-need-to-store-the-salt-with-bcrypt — Ramandeep Singh, Jun 08 '13 at 11:59

score -2 · Answer 1 · answered Jun 08 '13 at 13:55

-2

This should be working just fine. Take a look at the documentation here http://static.springsource.org/spring-security/site/docs/3.1.x/apidocs/org/springframework/security/crypto/bcrypt/BCrypt.html.

answered Jun 08 '13 at 13:55

Mike M

752
1
5
13

Yes Theoratically it should work but practically its not working. It's returning false every time. Just to mention here the passwords are hashed by devise gem ruby on rails framework and they are in the db. They are working fine in Ruby but not with Java BCrypt API. Any suggestions? – Rahat ALi Jun 08 '13 at 15:38
@RahatALi I'd recommend hashing the passwords in Java to be sure that it's all done the same – Mike M Jun 08 '13 at 19:10

How to compare passwords in Java hashed by devise gem ruby on rails

1 Answers1