
I have an existing Laravel project where they use Laravel's default encryption (i.e. Hash::make('')) for user registration, so the data is saved in the database in this encryption format.

Now I am creating APIs using Node for the same MySQL database. For password decryption I have used the Node bcrypt package, but the decryption is not working and I am getting an error for the JWT authentication token. I have used "algorithm": "RS256" for this Node API. Can anyone tell me if I did something wrong, or whether I have to choose another package (in Node) or another algorithm (in Node)?

I think that is bcrypt. Now when I am creating the APIs with Node I have used Node be

Zoe
  • hashing is not encryption, you can't turn the hashed password back into the plain text version ... you have to use whatever facility there is to do a hash check – lagbox Nov 15 '19 at 19:13
  • Laravel has both encryption/decryption and hashing logic available. I hope your passwords are using hashing, otherwise you have a serious security vulnerability. But as stated, hashing is a one-way function; you can't unhash something to see the plain-text equivalent. You can only generate a hash and compare it to an existing hash to see if it's the same. – Tim Lewis Nov 15 '19 at 19:17
  • You should check the hash to see if it matches the password. Using the node bcrypt package, it seems you need this:
    // Load hash from your password DB.
    bcrypt.compare(myPlaintextPassword, hash, function(err, res) {
        // res == true
    });
    – Hamid Alaei Nov 15 '19 at 19:56
  • I don't want the hashed password to give me a plain text version. I just asked why bcrypt.compare is not working in my Node API (if Laravel uses bcrypt or HASH). @Hamid I did the same thing but don't know what is wrong. Is bcrypt the only package in Node, right? – iamarindamsarkar Nov 16 '19 at 19:41
  • Did you find any solution? – Anandan K Aug 20 '21 at 18:08

1 Answer


Passwords in Laravel are hashed, which is different from encrypting them, because a hash is not reversible, whereas encryption can be reversed.

Furthermore, in order to let Node decrypt encrypted data, you should share with Node the key that Laravel has used to encrypt that data, and that's very dangerous, because then everyone can have that key, and so if someone finds a breach in your SQL, like a possibility to run SQL injection, then they can use that key to decrypt that data.

Alberto Sinigaglia
  • luckily they are not dealing with encryption :) – lagbox Nov 15 '19 at 20:39
  • @Alberto thanks for your contribution. I need to know why bcrypt.compare is not working in my Node API. Is there any other package to compare this password? – iamarindamsarkar Nov 16 '19 at 19:50
  • Oh sorry, maybe I've misunderstood the question... so, you have 2 projects, one PHP Laravel and the second one Node.js for the API, right? And you are saying that the Node API can't decrypt some information from the database which was previously encrypted by Laravel, right? So what I can suggest is, first of all, to check the compatibility of the Node version with the Laravel encryption version, and second, to check if the key set on Node is the same as the key set in the .env under APP_KEY on your Laravel project – Alberto Sinigaglia Nov 16 '19 at 20:49
  • By "check compatibility", I mean this https://stackoverflow.com/questions/26643587/comparing-bcrypt-hash-between-php-and-nodejs – Alberto Sinigaglia Nov 16 '19 at 20:53
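
An added example, not part of the original thread and not code from Laravel or the bcrypt package: a pre-check for the value read from MySQL before it is passed to bcrypt.compare, following the PHP/Node compatibility question linked above. It assumes the column holds PHP-style `$2y$` bcrypt output from Hash::make and that the installed Node library may only accept `$2a$`/`$2b$` prefixes; the function names and the sample hash are constructed for illustration.

```javascript
// Constructed sample: syntactically valid bcrypt string, not a hash of any real password.
const SAMPLE = '$2y$10$' + 'A'.repeat(22) + 'B'.repeat(31);

// bcrypt modular crypt format: $<version>$<cost>$<22-char salt><31-char digest> (60 chars)
const BCRYPT_RE = /^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

// Classify the stored value so a failing compare can be traced to its cause.
function inspectStoredHash(stored) {
  const value = String(stored).trim(); // padded CHAR columns add trailing spaces
  const m = BCRYPT_RE.exec(value);
  if (m) {
    return { scheme: 'bcrypt', version: m[1], cost: Number(m[2]), hash: value };
  }
  if (/^\$argon2(id|i)\$/.test(value)) {
    // Laravel can be configured for Argon2; a bcrypt library will never verify these.
    return { scheme: 'argon2', hash: value };
  }
  // Truncated column (< 60 chars), encrypted payload, or something else entirely.
  return { scheme: 'unknown', hash: value };
}

// PHP writes the "$2y$" version tag. For libraries that reject it, rewrite only
// the tag; cost, salt and digest are left untouched.
function toNodeCompatible(stored, targetVersion = '2a') {
  const info = inspectStoredHash(stored);
  if (info.scheme !== 'bcrypt') {
    throw new Error(`stored value is not a bcrypt hash (scheme: ${info.scheme})`);
  }
  return info.version === '2y'
    ? `$${targetVersion}$${info.hash.slice(4)}`
    : info.hash;
}

// compareFn is the library's own promise-returning compare, e.g. bcrypt.compare.
// The hash is only ever compared, never "decrypted".
async function verifyLaravelPassword(plain, stored, compareFn) {
  return compareFn(plain, toNodeCompatible(stored));
}
```

The JWT `"algorithm": "RS256"` setting only controls how the token is signed after login succeeds; it plays no part in checking the password hash.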