-2

I have used the PHP crypt function to hash a password. For example:

<?php

$hash = '$2y$08$ffWmSGZOM5pNJpHNvpqMa.z01BL25WGoXViaWYhxS0WRaftgAxhkC';
$test = crypt("test", $hash);
$pass = $test == $hash;

echo "Test for functionality of compat library: " . ($pass ? "Pass" : "Fail");
echo "\n";

NOW: If I use the PHP bcrypt password_hash() function I get the following output:

Password: test

bcrypted password using password_hash() is : $2y$08$ffWmSGZOM5pNJpHNvpqMa.z01BL25WGoXViaWYhxS0WRaftgAxhkC

Now I want to have the same output in Android Java. My questions are:

  1. How can I achieve this?
  2. Is there any class file or default function in Android Java that I can use to achieve this?
  3. Do I have to write a custom function to achieve this?

I also want to decrypt the password using Java.

Any answer with an example will be appreciated. Thanks in advance to all.

Nafiu Lawal
techhunter
  • 5
    You can't un-hash a hash, you can only match one hash with another. If you can "un" something with the changed password then you're de-crypting it, meaning it was an encrypted text, not hashed. – Jonast92 Jan 06 '14 at 15:49
  • Hi jonast92, thanks for your reply. But it does not make any sense related to my questions!? – techhunter Jan 06 '14 at 16:01
  • 2
    If you have a misunderstanding of the subject then it's worth commenting as long as I don't post it as an answer, even though it's not a solution to the problem you know if it may be a solution to the problem that you do not know of, in this case the meaning of hashing and encrypting. Anyway I can't see how the answer hasn't been answered in the answers; they were that if you use the exact same algorithm then you will get matching hashes which is what you want, have you tried creating hashes with the same algorithm but in the different languages and then matching the outcomes? – Jonast92 Jan 06 '14 at 16:18
  • Hi Jonast92, thanks for your reply. Please have a look at this para: "NOW: If I use the PHP bcrypt password_hash() function I get the following output: Password: test bcrypted password using password_hash() is : $2y$08$ffWmSGZOM5pNJpHNvpqMa.z01BL25WGoXViaWYhxS0WRaftgAxhkC". I am using the bcrypt algorithm in PHP. I want the same in Java. So how can I achieve the same in Java!? – techhunter Jan 06 '14 at 16:42
  • Have you tried matching them with the built-in matching functions which I assume exist? Hashing the same password twice should not give you the exact same hash, so just because you're not getting the exact same hashes doesn't mean they won't match. Do you see where I'm going? The pattern of the hashes should match, not the actual final outcome of the strings. – Jonast92 Jan 06 '14 at 16:55
  • I did not down-vote. Anyway, what articles / posts have you found concerning this topic and why did they not help you? For example: http://stackoverflow.com/questions/10079700/password-hashing-compatible-with-java-and-php – Jonast92 Jan 06 '14 at 17:09
  • @techhunter so why http://www.mindrot.org/projects/jBCrypt/ (linked from the thread Jonast92 provided) is not working for you? – Nickolay Jan 07 '14 at 04:48
  • 2
    First off, if you use the same hashing algorithm it won't matter what language, it will return the same. Second, you can't really unhash. – SaggingRufus Jan 06 '14 at 15:44

3 Answers

2

If you insist on using bcrypt in Java, try this: jBCrypt.

Adeel Ansari
2

I am using Laravel's default password hashing algorithm, which uses bcrypt. My problem was to get the same in Java. I have achieved the same password using jBCrypt. For example:

Here the Laravel bcrypted password is "$2y$08$rW76CEOBYmWzeANFqNOQyei8ArmYpacN6MIRjS55sgpT.6p/5eMv.". I have taken that string in a variable:

String a_hash = "$2y$08$rW76CEOBYmWzeANFqNOQyei8ArmYpacN6MIRjS55sgpT.6p/5eMv.";

And the following code gives me the matching password result:

if (BCrypt.checkpw(candidate, a_hash))
    System.out.println("It matches");
else
    System.out.println("It does not match");

I have used Damien Miller's BCrypt library to achieve this. These are the useful URLs: http://www.mindrot.org/projects/jBCrypt/

Using jBCrypt to salt passwords in Android App causes a long hang

techhunter
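
Added example (not part of the answers above and not jBCrypt's own code): a Java helper that checks the layout of a PHP `$2y$` bcrypt string and then verifies a candidate password with jBCrypt's `BCrypt.checkpw`. It assumes the jBCrypt jar is on the classpath; the class name `PhpBcryptVerifier` and the relabelling of `$2y$` to `$2a$` (for jBCrypt builds that accept only the `$2a$` revision) are assumptions of this example.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.mindrot.jbcrypt.BCrypt; // assumption: jBCrypt jar on the classpath

public final class PhpBcryptVerifier {
    // Layout: $2<rev>$<2-digit cost>$<22-char salt><31-char digest> (60 chars total)
    private static final Pattern BCRYPT =
        Pattern.compile("^\\$2[ay]\\$(\\d{2})\\$[./A-Za-z0-9]{53}$");

    /** Returns true only if candidate hashes to the stored PHP bcrypt string. */
    public static boolean verify(String candidate, String storedHash) {
        if (candidate == null || storedHash == null) return false;
        Matcher m = BCRYPT.matcher(storedHash);
        if (!m.matches()) return false;           // malformed or not bcrypt: fail closed
        int cost = Integer.parseInt(m.group(1));
        if (cost < 4 || cost > 31) return false;  // outside bcrypt's cost range
        // Assumption: this jBCrypt build accepts only "$2a$", so relabel the
        // revision. Cost, salt and digest are passed through unchanged.
        String normalized = "$2a$" + storedHash.substring(4);
        // checkpw re-hashes the candidate with the salt embedded in the stored
        // string and compares digests; nothing is ever "decrypted".
        return BCrypt.checkpw(candidate, normalized);
    }

    public static void main(String[] args) {
        // Hash and password as quoted in the question on this page (cost 08).
        String phpHash = "$2y$08$ffWmSGZOM5pNJpHNvpqMa.z01BL25WGoXViaWYhxS0WRaftgAxhkC";
        System.out.println("question's password: " + verify("test", phpHash));
        System.out.println("different case:      " + verify("Test", phpHash));
        System.out.println("malformed hash:      " + verify("test", "not-a-bcrypt-hash"));

        // Hashing the same password again draws a fresh random salt, so the
        // resulting string differs from phpHash, yet it still verifies.
        String fresh = BCrypt.hashpw("test", BCrypt.gensalt(8));
        System.out.println("same string as PHP:  " + fresh.equals(phpHash));
        System.out.println("fresh hash verifies: " + verify("test", fresh));
    }
}
```

bcrypt is deliberately slow, so on Android call `verify` off the UI thread.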
1

Firstly, we need to look at what the crypt function in PHP does. php.net states:

"crypt() will return a hashed string using the standard Unix DES-based algorithm or alternative algorithms that may be available on the system."

Let's assume it's DES, even though DES isn't a hashing algorithm.

Ok, so now we know what "hash" function is used, it's simply a case of implementing it in another language (pedantry aside for now, hash functions should always return the same output given the same input).

Here is a link that shows how to implement DES in Java: http://www.mkyong.com/java/jce-encryption-data-encryption-standard-des-tutorial/

Aside, DES is badly broken and should be avoided. At minimum I would recommend SHA-2 for hashing. Additionally, you can't (again, pedantry aside) "decrypt" a hash as hash functions are one way.

TEK
  • Hi DHT, thanks for your reply. But it does not give me any clear answer related to my questions!? I want to have the same password for both PHP and Java! How can I do that? – techhunter Jan 06 '14 at 16:03