0

Hello I am building an API on python to create a user and insert password in database. The problem is that the application is on Laravel PHP and using bcrypt.
For example encrypting "test1234$%" in PYTHON gives "$2b$12$rsGZPtjctbI6bSGzS4P3mOSdrABnJuHfnKxEQwvm4KFu72BN3XNKK" and encrypting same in PHP gives "$2y$10$cO2nvRURLRdlW8j6CbWu8OeVlv7dyeozpBZcxVB2nd8hbyILyg7Xa"

and when trying to login with users created by the api on the app it does not work. Even if i test with this it does not work the output is invalid:

$hash = '$2b$12$rsGZPtjctbI6bSGzS4P3mOSdrABnJuHfnKxEQwvm4KFu72BN3XNKK';

//validade hash in php
if(password_verify ( "test1234$%", $hash )){
  echo "valid";
} else {
  echo "invalid";
}

echo("\n".phpversion());

on python side used the following code:

pip install bcrypt


 import bcrypt
 
 password = item.password
 bpassword = b"password"
 hashed = bcrypt.hashpw(bpassword, bcrypt.gensalt())

on PHP side:

if (! function_exists('bcrypt')) {
    /**
     * Hash the given value against the bcrypt algorithm.
     *
     * @param  string  $value
     * @param  array  $options
     * @return string
     */
    function bcrypt($value, $options = [])
    {
        return app('hash')->driver('bcrypt')->make($value, $options);
    }
}
Improve this question
3
  • Your prefixes differ. See github.com/pyca/bcrypt/#adjustable-prefix Commented Jan 19, 2022 at 8:47
  • I saw you added a tag "laravel" Is the code is in laravel? If yes, you should use BcryptHasher instead. stackoverflow.com/questions/38518543/… Commented Jan 19, 2022 at 8:53
  • It will always create a different hash due to random salts. The important part is that using the appropriate verification function should be able to verify the plaintext password against the hash. Commented Jan 19, 2022 at 9:03

2 Answers 2

Reset to default
0

bcrypt use different salt each runtime that is why its perfect for storing password on database... unless you force it to use the same salt each time it will keep generating different resulting hash

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

I found a solution in the Python api i call bcrypt in PHP using subprocess

code = """echo password_hash("""'"'+item.password+'"'""",PASSWORD_BCRYPT);"""
    hashed_password = await myClass.php(code)

  async def php(self, code):
        p = subprocess.Popen(["php", "-r", code],
                            stdout=subprocess.PIPE, stderr=subprocess.PIPE)
        out = p.communicate()
        if out[1] != b'': raise Exception(out[1].decode('UTF-8'))
        return out[0].decode('UTF-8')
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.