Comparing BCrypt hash between PHP and NodeJS Comparing BCrypt hash between PHP and NodeJS php php

Comparing BCrypt hash between PHP and NodeJS


php node.js bcrypt

This fails because the types of bcrypt hashes being generated from php and node are different. Laravel generates the $2y$ while node generates the $2a$. But the good news is the only difference between 2a and 2y are their prefixes.

So what you can do is make one of the prefix similar to the other. Like:

$phpGeneratedHash  = '$2y$10$jOTwkwLVn6OeA/843CyIHu67ib4RixMa/N/pTJVhOjTddvrG8ge5.';$nodeGeneratedHash = '$2a$10$ZiBH5JtTDtXqDajO6f4EbeBIXGwtcGg2MGwr90xTH9ki34SV6rZhO';

To something like:

$phpGeneratedHash  = '$2y$10$jOTwkwLVn6OeA/843CyIHu67ib4RixMa/N/pTJVhOjTddvrG8ge5.';$nodeGeneratedHash = '$2y$10$ZiBH5JtTDtXqDajO6f4EbeBIXGwtcGg2MGwr90xTH9ki34SV6rZhO';

Notice that I replaced the $2a$ of the node hash to $2y$. You can simply do this with:

PHP

$finalNodeGeneratedHash = str_replace("$2a$", "$2y$", $nodeGeneratedHash);

Node

finalNodeGeneratedHash = nodeGeneratedHash.replace('$2a$', '$2y$');

Then compare phpGeneratedHash to finalNodeGeneratedHash.

Note: It is recommended that if you're comparing in PHP, change the prefix of the NodeJS generated hash to $2y$ and if you're comparing in NodeJS; change the prefix of the PHP generated hash to $2a$.

php node.js bcrypt

I have tried to compute what was said before to get codes that work. As you can see I don't need to replace anything.

On the PHP 7.2.4 side:

<?php$password = "test123";    $hash = password_hash($password, PASSWORD_BCRYPT);    echo $hash; // I get $2y$10$5EaF4lMSCFWe7YqqxyBnR.QmDu1XhoiaQxrOFw.AJZkGCYmpsWDU6

On the nodeJS side:

Install bcryptjs package: npm i bcryptjs

var bcrypt = require('bcryptjs');let hash1="$2y$10$5EaF4lMSCFWe7YqqxyBnR.QmDu1XhoiaQxrOFw.AJZkGCYmpsWDU6";console.log(bcrypt.compareSync("test123", hash1)); // display true

php node.js bcrypt

The implementation of bcrypt in different language might be differ.

For example, in Node.js version bcrypt.js, the salt length applied are 29 characters

    bcrypt.getSalt = function(hash) {        if (typeof hash !== 'string')            throw Error("Illegal arguments: "+(typeof hash));        if (hash.length !== 60)            throw Error("Illegal hash length: "+hash.length+" != 60");        return hash.substring(0, 29);    };

But, in Go version golang.org/x/crypto/bcrypt, the salt size are 22 of bytes:

const (    majorVersion       = '2'    minorVersion       = 'a'    maxSaltSize        = 16    maxCryptedHashSize = 23    encodedSaltSize    = 22    encodedHashSize    = 31    minHashSize        = 59)

So, it might happen that hashed string in Node.js gets error when compared in Go, other languages likewise.

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last