Android Question How to generate a $2y$ hashed data

toby

Active Member
Licensed User
I need a function at B4A side to generate a hashed data, same as php's password_hash() does (Bcrypt, random salt), so that at my server side I can use php's password_verify() to verify that this is indeed one of my own requests before granting access to mysql database.

Any helps/tips would be greatly appreciated.
 

DonManfred

Expert
Licensed User
B4X:
    Dim bc As BCrypt
    Dim hash As String = bc.hashpw("Test",bc.gensalt)
    Log(hash) ' $2a$10$2OA3heI7jImo7SFlFrfSK.9z6K7fF3Ny3vw3CZ3u24QvkRDSPYE6u
I tried the generated hash with PHP. password_verify returns TRUE

PHP:
$pw = "$2a$10$2OA3heI7jImo7SFlFrfSK.9z6K7fF3Ny3vw3CZ3u24QvkRDSPYE6u";
if (password_verify("Test",$pw) == true){
  echo "password_verify returns TRUE";
} else {
  echo "password_verify returns FALSE";
}
 

Attachments

Last edited:

DonManfred

Expert
Licensed User
I also notice that they returns different prefix.


=============== ===================
php's password_hash(): $2y$
bcrypt's hashwp(): $2a$

I'm not sure if that's important.
The question was about a method which can be used in PHPs password_verify.
This is given.

If PHP was not able to understand the prefix then it would have returned false i guess.
 
Top