Ruby bcrypt password retrieval in PHP
Question
I have a user auth table with a few thousand records containing a password field encrypted by bcrypt-ruby. I've ported the app into PHP / Yii and need to use this field for authentication.
Is there a way to retrieve this Ruby-created field in PHP?
Verification
By "retrieve" I mean that I need to authenticate user logins using a PHP / Yii app to interpret a DB table with a password field created by bcrypt-ruby in a Rails app.
Solution
I believe this would solve your problem:
$database_record = "something"; // grab from database
$user_input = 'unicorns'; // take real one from post data
// Passing the stored hash as the salt makes crypt() reuse its '$2a$' prefix,
// its salt and its second number, which is the 'work' factor.
// The result must equal the stored hash itself; hash_equals() compares in constant time.
if (hash_equals($database_record, crypt($user_input, $database_record))) {
    echo "Password verified!";
} else {
    echo 'failed!';
}
This assumes you stored them using BCrypt::Password.create(desired_pass) in Ruby, and were verifying login by BCrypt::Password.new(database_entry) == form_input.
Additionally, to create a new password in your database (i.e. a new user), store the result of
$password = crypt($user_input, '$2a$10$usesomesillystringforsalt$');
Lastly, make sure that you are always using the correct cost factor. The same password with different cost factors will not be equivalent. The default cost factor in bcrypt-ruby is 10 (current version, 3.0.1).
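The check described in this answer, as an added example that is not part of the original post: it verifies a bcrypt-ruby style '$2a$' record with PHP's password_verify() and produces a replacement hash after a successful login. The function name verifyLegacyLogin and the sample record are assumptions constructed for illustration.

```php
<?php
// Added example: verifyLegacyLogin and the sample record are hypothetical.

// Constructed stand-in for a row written by BCrypt::Password.create('unicorns'):
// a '$2a$', cost-10 hash with a random 22-character bcrypt salt.
$salt = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
$databaseRecord = crypt('unicorns', '$2a$10$' . $salt);

/**
 * Check a login against a stored bcrypt hash.
 * Returns [verified, replacementHash]; replacementHash is non-null when the
 * caller should overwrite the stored value.
 */
function verifyLegacyLogin(string $input, string $stored, int $cost = 10): array
{
    // Reject anything that is not a 60-character bcrypt string before hashing.
    if (!preg_match('#^\$2[abxy]\$\d{2}\$[./A-Za-z0-9]{53}$#', $stored)) {
        return [false, null];
    }
    // password_verify() reads version, cost and salt from $stored and
    // compares in constant time.
    if (!password_verify($input, $stored)) {
        return [false, null];
    }
    // PHP recognises only '$2y$' as its own bcrypt, so a '$2a$' record (or one
    // with a different cost) is reported as needing a rehash.
    $replacement = null;
    if (password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => $cost])) {
        $replacement = password_hash($input, PASSWORD_BCRYPT, ['cost' => $cost]);
    }
    return [true, $replacement];
}

// Correct password: verified, and a fresh hash is offered for storage.
[$ok, $newHash] = verifyLegacyLogin('unicorns', $databaseRecord);
var_dump($ok);
var_dump($newHash !== null && password_verify('unicorns', $newHash));

// Wrong password: rejected, nothing to store.
[$bad] = verifyLegacyLogin('horses', $databaseRecord);
var_dump($bad);
```

password_hash() generates a new random salt on every call, so each stored replacement gets its own salt.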
OTHER TIPS
You should have a look at the crypt functions at PHP.net
Here you should be able to do what you want if you've followed bcrypt correctly in Ruby.