Comparing BCrypt hash between PHP and NodeJS

Question

For an app I\'m working on, nodejs needs to verify hashes created by PHP and vice-versa.

The problem is, the hashes generated in PHP (via Laravel\'s Hash

Answer 1

The implementation of bcrypt in different language might be differ.

For example, in Node.js version bcrypt.js, the salt length applied are 29 characters

    bcrypt.getSalt = function(hash) {
        if (typeof hash !== 'string')
            throw Error("Illegal arguments: "+(typeof hash));
        if (hash.length !== 60)
            throw Error("Illegal hash length: "+hash.length+" != 60");
        return hash.substring(0, 29);
    };

But, in Go version golang.org/x/crypto/bcrypt, the salt size are 22 of bytes:

const (
    majorVersion       = '2'
    minorVersion       = 'a'
    maxSaltSize        = 16
    maxCryptedHashSize = 23
    encodedSaltSize    = 22
    encodedHashSize    = 31
    minHashSize        = 59
)

So, it might happen that hashed string in Node.js gets error when compared in Go, other languages likewise.