Reputation: 11
I'm currently using Laravel 5 for the website, using the default Auth package.
I've got a generic Bcrypt implementation in my Java program. After checking with online bcrypt converters, it seems like Laravel's Bcrypt is different somehow, seeing as my program reaches the same result as the online bcrypt sites, whereas Laravel produces a different result.
Any idea what's up with it?
My Java program's Bcrypt implementation uses this, but online bcrypt sites produce the same result, so the problem cannot lie with my program, but rather with Laravel's Bcrypt. http://www.mindrot.org/projects/jBCrypt/
Upvotes: 0
Views: 600
Reputation: 11
Fixed.
Apparently, Laravel uses the most recent prefix modification of Bcrypt, whereas the others (public online bcrypt hashers, my app) were using a somewhat outdated prefix.
#5 @ http://blog.ircmaxell.com/2012/12/seven-ways-to-screw-up-bcrypt.html
- Old global Bcrypt prefix (online hashers, my app): $2a$
- Recently officially updated prefix (Laravel): $2y$
Upvotes: 1
Reputation: 3261
The Laravel bcrypt() is just a wrapper around the password_hash function of PHP.
Illuminate/Foundation/helpers.php
    function bcrypt($value, $options = [])
    {
        // Resolve the bound hasher from the container and delegate to it.
        return app('hash')->make($value, $options);
    }
BcryptHasher
    public function make($value, array $options = [])
    {
        // A per-call 'rounds' option overrides the hasher's default cost.
        $cost = isset($options['rounds']) ? $options['rounds'] : $this->rounds;

        $hash = password_hash($value, PASSWORD_BCRYPT, ['cost' => $cost]);

        if ($hash === false) {
            throw new RuntimeException('Bcrypt hashing not supported.');
        }

        return $hash;
    }
And after the password is hashed, Laravel matches the password using the password_verify function:
BcryptHasher
    public function check($value, $hashedValue, array $options = [])
    {
        // An empty stored hash never matches.
        if (strlen($hashedValue) === 0) {
            return false;
        }

        return password_verify($value, $hashedValue);
    }
For more information about the Laravel password mechanism
Upvotes: 0
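
Checking a Laravel-stored $2y$ hash from the Java side, as an added example (not code from any of the posts, from Laravel or from jBCrypt). It assumes the jBCrypt version in use accepts only the $2a$ prefix; the class LaravelBcryptCompat and its method names are made up for illustration, and the "Laravel" hash in main is a constructed stand-in made by swapping the prefix on a jBCrypt hash.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.mindrot.jbcrypt.BCrypt; // jBCrypt, the library linked in the question

public class LaravelBcryptCompat {
    // Modular crypt layout: $2<rev>$<2-digit cost>$<22-char salt><31-char digest>
    private static final Pattern BCRYPT = Pattern.compile(
        "^\\$2([ay])\\$(\\d{2})\\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$");

    /** Rewrites a $2y$ hash to $2a$; rejects anything that is not a well-formed bcrypt string. */
    static String toJBcryptFormat(String hash) {
        Matcher m = (hash == null) ? null : BCRYPT.matcher(hash);
        if (m == null || !m.matches()) {
            throw new IllegalArgumentException("not a $2a$/$2y$ bcrypt hash");
        }
        int cost = Integer.parseInt(m.group(2));
        if (cost < 4 || cost > 31) {
            throw new IllegalArgumentException("bcrypt cost out of range: " + cost);
        }
        // Only the revision marker changes; cost, salt and digest are kept character for character.
        return "$2a$" + m.group(2) + "$" + m.group(3) + m.group(4);
    }

    /** Verifies a password against a hash stored by Laravel (or by jBCrypt itself). */
    static boolean verify(String password, String storedHash) {
        try {
            return BCrypt.checkpw(password, toJBcryptFormat(storedHash));
        } catch (IllegalArgumentException e) {
            return false; // malformed stored value: fail closed
        }
    }

    public static void main(String[] args) {
        // Constructed stand-in for a Laravel hash: a jBCrypt hash with its prefix swapped to $2y$.
        String jbcryptHash = BCrypt.hashpw("correct horse", BCrypt.gensalt(10));
        String laravelStyle = "$2y$" + jbcryptHash.substring(4);

        System.out.println(verify("correct horse", laravelStyle));   // matching password
        System.out.println(verify("wrong guess", laravelStyle));     // non-matching password
        System.out.println(verify("correct horse", "$2y$10$short")); // malformed hash
        // Each hashpw call draws a fresh salt, so two hashes of one password are compared as strings here.
        System.out.println(jbcryptHash.equals(BCrypt.hashpw("correct horse", BCrypt.gensalt(10))));
    }
}
```

The check goes through BCrypt.checkpw rather than comparing hash strings, the same way Laravel's check() goes through password_verify.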