Python and php bcrypt

I used Laravel to register users. It uses bcrypt as follows:

$2y$10$kb9T4WXdz5aKLSZX1OkpMOx.3ogUn9QX8GRZ93rd99i7VLKmeoXXX 

I am currently doing another script that will authenticate users from another source using python. I installed py-bcrypt and tried it. The format is as follows:

 $2a$10$Vj0b0GZegbpXIIpa/lvi9OjkAFJ5zNzziVRW7yN9ssDKVQDX47XXX 

But in python, I cannot authenticate the user due to invalid salt .

I noticed that Larvel bcrypt uses $2y , while python uses $2a . How do I get around this?

notes:

 I used 10 rounds for both crypts. 
+3
source share
1 answer

I just found out that 2a and 2y very similar except for the name (prefix).

replacing the 2y laravel hash, before 2a still maintains the hash integrity and should work correctly and match the password, even if you replace the identifier.

In my case (question), the solution was to use str.replace('$2y$', '$2a$') , and everything was fine. Now py-bcrypt accepts the hash without invalid salt error.

Good luck guys.

+3
source

Source: https://habr.com/ru/post/1012386/


All Articles