Can I validate bcrypt passwords form PHP 7 (Symfony) against vb.net (BCrypt.net)?

Question

I've an existing web service with a lot of users. These users have usernames and bcrypt passwords. These passwords look like this:

"$2y$10$0veojsfh43..."

Now, I've created a vb.net application and want to re-use te login from my web service. The application logic works just fine but the problem starts at validating the password from my web service. I'm using BCrypt.net and it gives the error "Invalid salt revision". Whatever I do there seems to be no way to validate the password. Creating the password all over with BCrypt and validate against text password works just fine. However I can see that the password then looks like this:

"$2a$12$5sdf65fghkl..."

Why can't I validate the password from PHP in vb.net?

score 0 · Answer 1 · answered Oct 14 '20 at 06:43

All I needed to do was to change "$2y" to "$2a"! There's just a difference in versions of bcrypt. It's all neatly explained here:

Using bcrypt-ruby to validate hashed passwords using version $2y

It's about ruby, but vb.net is apparently using the same version of BCrypt.

Can I validate bcrypt passwords form PHP 7 (Symfony) against vb.net (BCrypt.net)?

1 Answers1