-3

I'm working for a company and I have to remake their API to Golang from Php. The previous developer was using Phpass with Php, however, I need to use it with Golang.

I searched about how to implement phpass in go but it doesn't seems to work as well as in php.

I saw these github implementations:

gopass — Implement phpass algorithm in go

phpass — A go implementation of the PHPass password ...

Maybe it's weird, but does it works the same in Php? For me, each time I get a new hashed password for the same password/using. I also never did php, so I don't really know how to test this class/library (phpass)

Thank for help !

Emixam23
  • 3,854
  • 8
  • 50
  • 107
  • If your hashing is backed by `bcrypt` then the resulting hash is expected to be different on each generation. This is by design. Consuming and validating different hashes generated by the same password should all work. – Martin Gallagher May 02 '16 at 08:52
  • Thank for your answer ! What do you mean by "consuming and validating"? I'm not sure to understand – Emixam23 May 02 '16 at 09:04
  • I.e. using https://godoc.org/golang.org/x/crypto/bcrypt#CompareHashAndPassword – Martin Gallagher May 02 '16 at 10:20

2 Answers2

2

The different hashes are the result of salting, each password should get its own unique salt. This salt is then included together with other parameters in the resulting hash string, so a password_verify() function can extract it to verify an entered password.

According to this answer, the Go language seems to implement the BCrypt algorithm. This would be the default of the phpass library, if the hashes where not generated with a very old PHP version. If your hashes start with the signature $2y$... chances are good that the BCrypt implementation is compatible with the hashes generated by PHP.

Community
  • 1
  • 1
martinstoeckli
  • 23,430
  • 6
  • 56
  • 87
0

For:

phpass — A go implementation of the PHPass password ...

you can just check user login with this:

var hasher = phpass.New(nil)
result := hasher.Check([]byte("Password"), []byte("Hash in database"))
fmt.Println(result)
kooworx
  • 75
  • 5