Password recovery in Ruby bcrypt in PHP

Question

Password recovery in Ruby bcrypt in PHP

I have a custom auth table with several thousand entries containing a password field encrypted by bcrypt-ruby. I have ported the application to PHP / Yii and should use this field for authentication.

Is there a way to get this created Ruby field in PHP?

Check

By "retrieve", I mean that I need to authenticate user logins using the PHP / Yii application in order to interpret the DB table with the password field created by bcrypt-ruby in the Rails application.

+4

ruby php bcrypt

Bill Feb 17 '12 at 0:06

source share

2 answers

You should look at cryptography functions on PHP.net

Here you should be able to what you want if you were following bcrypt in Ruby correctly.

0

Andreas Stokholm Feb 17 '12 at 1:45

source share

Paul hoffer · Accepted Answer · 2012-02-17T05:21:27+0000

I believe this will solve your problem:

$database_record = "something"; // grab from database $user_input = 'unicorns'; // take real one from post data $password = crypt($user_input, '$2a$10$usesomesillystringforsalt$'); // key piece above is the second number, that is the 'work' factor if (crypt($user_input, $database_record) == $password) { echo "Password verified!"; } else { echo 'failed!'; }

It is assumed that you saved them using BCrypt::Password.create(desired_pass) in Ruby and checked the login on BCrypt::Password.new(database_entry) == form_input .

Also, to create a new password in your database (i.e. a new user), save the result

$password = crypt($user_input, '$2a$10$usesomesillystringforsalt$');

Lastly, make sure you always use the right cost factor. The same password with different cost factors will not be equivalent. The default cost factor in bcrypt-ruby is 10 (current version, 3.0.1).

Password recovery in Ruby bcrypt in PHP

Check

More articles: