d11wtq
Reputation: 35298
Generate cross-platform compatible Blowfish hash (PHP/Ruby)
In PHP we are generating some password hashes using the built-in crypt() function to produce a blowfish hash.
<?php $hash = crypt("secure password", '$2a$10$ ... salt here ... $');
I see that ruby has String#crypt, but the output we get is entirely different (much shorter hash). Looking at the man page for crypt (3), only some Linux distros add blowfish support to glibc, so I assume ruby doesn't support it.
Now I googled and found the crypt gem, but it seems to be hard-coded to do 2^16 cycles instead of the 2^10 we're using. It also gives me an exception in ruby 1.9.3:
Crypt::Blowfish.new("abc").encrypt_block("foo")
TypeError: can't convert String into Integer
from /Users/chris/.rbenv/versions/1.9.3-p0/lib/ruby/gems/1.9.1/gems/crypt-1.1.4/crypt/blowfish.rb:47:in `|'
Does anybody know how we can produce the same blowfish hashes in ruby that we have generated in PHP?
Upvotes: 1
Views: 480
Answers (1)
d11wtq
Reputation: 35298
The BCrypt gem does what we need:
BCrypt::Engine.hash_secret("bob", "$2a$10$ ... salt here ...")
Upvotes: 1
Related Questions
- Crypt for password hashing. Blowfish produces weird output
- Blowfish encryption - hash is created but will not verify
- php blowfish hashing with crypt(): the CLI result differs from webserver's one
- Using blowfish in PHP for storing passwords
- to use CRYPT_BLOWFISH on php 5.2 that doesn't support it
- CRYPT_BLOWFISH usage
- Authenticating password encrypted in PHP using Blowfish with Ruby
- Mimic CRYPT_BLOWFISH with MCRYPT_BLOWFISH
- How to create and store password hashes with Blowfish in PHP
- (PHP) How to use crypt() with CRYPT_BLOWFISH?