can't verify hash #213

Closed
slifin opened this issue Feb 26, 2014 · 3 comments

@slifin
commented Feb 26, 2014

I've got an existing password system with PHP using the 5.5 password hash API and a MySQL database with the hashes stored.

Here is an example hash from the system:
$2y$10$7aUWwJkcNt8Nl6lyMbEK3.kUYVV3yDWhxoFY476uSsQdHaq3diMjG
This translates to:
password2345
My PHP library says this is a bcrypt hash at a cost of 10.

Here is my simple test code:
http://pastebin.com/pWQkvcfs

It always returns false when in theory it should return true.

@slifin

Author

commented Feb 26, 2014

If it helps, the error variable in this context returns undefined and res returns false.

@ncb000gt

Collaborator

commented Feb 26, 2014

The issue here is the $2y. The version of bcrypt we're using specifies $2a. The y, iirc, is there due to a security issue in the PHP version. But, in this case, if you change the $2y to $2a you shouldn't have any issues.

> bcrypt.compareSync('password2345', '$2a$10$7aUWwJkcNt8Nl6lyMbEK3.kUYVV3yDWhxoFY476uSsQdHaq3diMjG');
true
> bcrypt.compareSync('password2345', '$2y$10$7aUWwJkcNt8Nl6lyMbEK3.kUYVV3yDWhxoFY476uSsQdHaq3diMjG');
false

@ncb000gt

Collaborator

commented Feb 26, 2014

Note, compare and compareSync do the same thing...
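
The prefix rewrite suggested in the collaborator's reply above, as an added example that is not part of the original thread or the bcrypt project's code: it parses the stored hash, rewrites only `$2y$` to `$2a$`, and fails closed on anything else, including PHP's `$2x$` marker. The function names and the injected `compareSync` parameter are assumptions; in real use, pass the library's `bcrypt.compareSync`.

```javascript
// Added example: normalise a PHP password_hash() bcrypt string for a bcrypt
// library that only recognises the $2a$ prefix. All names are hypothetical.

// $<version>$<2-digit cost>$<22-char salt><31-char digest>, bcrypt base64 alphabet.
const BCRYPT_RE = /^\$(2[abxy]?)\$(\d{2})\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})$/;

function parseBcryptHash(hash) {
  const m = BCRYPT_RE.exec(String(hash));
  if (!m) return null;
  const cost = parseInt(m[2], 10);
  if (cost < 4 || cost > 31) return null; // bcrypt's valid cost range
  return { version: m[1], cost: cost, salt: m[3], digest: m[4] };
}

function toNodeBcryptHash(hash) {
  const p = parseBcryptHash(hash);
  if (!p) throw new Error('not a well-formed bcrypt hash');
  if (p.version === '2a') return String(hash);
  // $2y$ is PHP's marker for hashes from the corrected implementation; they
  // match $2a$ output, so only the prefix changes (salt and digest are kept).
  if (p.version === '2y') return '$2a$' + String(hash).slice(4);
  // $2x$ flags hashes from the buggy implementation: relabelling would be wrong.
  throw new Error('unsupported bcrypt version $' + p.version + '$');
}

// compareSync is injected (assumption): e.g. bcrypt.compareSync from the thread.
function verifyPhpHash(password, storedHash, compareSync) {
  let normalised;
  try {
    normalised = toNodeBcryptHash(storedHash);
  } catch (e) {
    return false; // fail closed on malformed or unsupported hashes
  }
  return compareSync(password, normalised) === true;
}

// Hash quoted in the issue above.
const ISSUE_HASH = '$2y$10$7aUWwJkcNt8Nl6lyMbEK3.kUYVV3yDWhxoFY476uSsQdHaq3diMjG';
console.log(parseBcryptHash(ISSUE_HASH));
console.log(toNodeBcryptHash(ISSUE_HASH));
```

Normalising at verification time leaves the stored rows untouched, so the PHP application can keep verifying the same hashes.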
