问题
I have a system built in laravel and I have created an API. The problem is in Authentication.
I have an Android app and want to authenticate with the laravel system by the following way:
user type its password and username in Android app, password and username are send over network to laravel (the password will hashing with bcrypt). In server side, laravel get the user with the username received and compare the password received with the password stored in data base.
Laravel use bcrypt in order to hash user's passwords. If I understand the bcrypt algorithm it use a number of round and a salt, so investigate laravel's code I found that it use round = 8 by default but I don't know what salt it use. I tried a web bcrypt generator for a determinate password and it doesn't match with the hash calculate by laravel (and stored in data base).
Any suggestion?
Thanks
回答1:
I need made a workaround here to work, because when I generate with PHP, hash starts with $2y$ and java starts with $2a$.
To solve this, I create a regex in java before password match to replace $2y$ to $2a$ and works for me.
In PHP I used the native function:
$hash = password_hash($pass, PASSWORD_DEFAULT);
and in java I used jbcrypt lib.
回答2:
It worked for me using Bcrypt.checkpw("plain_password", "encrypted_password"). I replaced the bcrypt encrypted hash with $2a$ at the beginning.
来源:https://stackoverflow.com/questions/22362693/how-to-calculate-in-java-a-bcrypt-password-compatible-with-laravel