
I have a web application in PHP that registers users, and when a user enters a password I use this code to hash it with Bcrypt:

password_hash($password, PASSWORD_BCRYPT)

and I want to do the same thing in Java, so I wrote this:

BCrypt.hashpw(passTxt.getText(),BCrypt.gensalt())

but the two passwords don't match. What can I do to make the passwords match?

1 Answer

You will need to use the same salt in PHP and Java in order to get the same result. They won't be exactly the same, but almost.

I wrote almost because, if you use the password_hash() function in PHP, the prefix of the result will be different from the result generated by other techniques. The hash generated by password_hash() will start with the prefix $2y$; other methods will generate the exact same hash, but with the $2a$ prefix.

Here is the Java code:

```java
import org.mindrot.jbcrypt.BCrypt;

class Test {

    public static void main(String[] args) {
        // Second argument is the full salt string: prefix, cost factor, 22-character salt
        System.out.println(BCrypt.hashpw("applewood", "$2a$10$8lMtqu7E3veYGcm1bHId5u"));
    }
}
```

Where the result is: $2a$10$8lMtqu7E3veYGcm1bHId5u32B7MH48xPXqMVKlNSYX3rnnHyKvYQi

Let's see it in PHP:

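```php
<?php
    // crypt() takes the full salt string, including the $2a$ prefix and cost
    print crypt("applewood", "$2a$10$8lMtqu7E3veYGcm1bHId5u") . "\n";
    // password_hash() takes only the 22-character salt; the "salt" option is
    // deprecated since PHP 7.0 and ignored since PHP 8.0
    print password_hash("applewood", PASSWORD_BCRYPT, array("salt" => "8lMtqu7E3veYGcm1bHId5u"));
```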

The result will be the following:

**$2a$**10$8lMtqu7E3veYGcm1bHId5u32B7MH48xPXqMVKlNSYX3rnnHyKvYQi

**$2y$**10$8lMtqu7E3veYGcm1bHId5u32B7MH48xPXqMVKlNSYX3rnnHyKvYQi

To learn more about the prefixes in the salt and the resulting hashes in Bcrypt, read this article.

SaWo
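An added example, not part of the answer above: checking a hash produced by PHP's password_hash() from Java by verifying the candidate password against the stored hash rather than comparing two independently salted hashes. The class and method names are hypothetical, and it assumes jBCrypt 0.4 on the classpath, which rejects the `$2y$` revision.

```java
import org.mindrot.jbcrypt.BCrypt;

// Added example: verify PHP password_hash() output from Java with jBCrypt.
// Class and method names are hypothetical.
public class PhpBcryptInterop {

    // Assumption: jBCrypt 0.4, which only accepts the "$2a$" revision, while
    // PHP's password_hash() emits "$2y$". The answer shows the rest of the
    // string is identical, so swap the prefix before handing it to jBCrypt.
    static String toJbcryptPrefix(String hash) {
        if (hash == null || hash.length() != 60) {
            throw new IllegalArgumentException("not a 60-character bcrypt hash");
        }
        if (hash.startsWith("$2y$")) {
            return "$2a$" + hash.substring(4);
        }
        if (hash.startsWith("$2a$")) {
            return hash;
        }
        throw new IllegalArgumentException("unsupported bcrypt revision");
    }

    // Check a login attempt against the hash stored at registration time.
    // checkpw() re-hashes the candidate with the salt embedded in the stored
    // hash, so hashes made with different random salts never need to be equal.
    static boolean verify(String candidate, String storedHash) {
        return BCrypt.checkpw(candidate, toJbcryptPrefix(storedHash));
    }

    public static void main(String[] args) {
        // Hash taken from the PHP output shown in the answer (password "applewood").
        String fromPhp = "$2y$10$8lMtqu7E3veYGcm1bHId5u32B7MH48xPXqMVKlNSYX3rnnHyKvYQi";
        System.out.println(verify("applewood", fromPhp));   // correct password
        System.out.println(verify("applewood1", fromPhp));  // wrong password

        // A hash created in Java with a fresh random salt differs on every run,
        // yet still verifies, because the salt travels inside the hash string.
        String fromJava = BCrypt.hashpw("applewood", BCrypt.gensalt(10));
        System.out.println(verify("applewood", fromJava));
    }
}
```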