Laravel & Meteor password hashing

Question

I have two applications, one in Laravel 5.2 and one in Meteor. I want to collect hashes for passwords which are compatible with both platforms.

The database stores t

Answer 1

In 2011, a bug was discovered in PHP's BCrypt implementation, so they changed the original 2a version indicator to 2x and 2y, which is used today, to indicate that the password was hashed by the fixed version.

Therefore, the hash generated by PHP's 2y should be identical to the one generated by node's 2a.

The prefix should be changed in order to be correctly processed by the NPM module (used by Meteor), as it does not acknowledge 2y.

$meteor_password = bcrypt(hash('sha256', $plain, false));
// replace it useing something like:
$meteor_password = str_replace('$2y', '$2a', $meteor_password);
// or
$meteor_password[2] = 'a';