Ruby bcrypt password retrieval in PHP

Question

I have a user auth table with a few thousand records containing a password field encrypted by bcrypt-ruby. I've ported the app in to PHP / Yii and need to use this field for authentication.

Is there a way to retrieve this Ruby-created field in PHP?

Verification

By "retrieve" I mean that I need to authenticate user logins using a PHP / Yii app to interpret a DB table with a password field created by bcrypt-ruby in a Rails app.

Answer 1

I believe this would solve your problem:

$database_record = "something";   // grab from database
$user_input = 'unicorns';         // take real one from post data
$password = crypt($user_input, '$2a$10$usesomesillystringforsalt$');
// key piece above is the second number, that is the 'work' factor

if (crypt($user_input, $database_record) == $password) {
   echo "Password verified!";
}
else {
    echo 'failed!'; }

This assumes you stored them using BCrypt::Password.create(desired_pass) in Ruby, and were verifying login by BCrypt::Password.new(database_entry) == form_input.

Additionally, to create a new password in your database (i.e. a new user), store the result of

$password = crypt($user_input, '$2a$10$usesomesillystringforsalt$');

Lastly, make sure that you are always using the correct cost factor. The same password with different cost factors will not be equivalent. The default cost factor in bcrypt-ruby is 10 (current version, 3.0.1).

Answer 2

You should have a look at the crypt functions at PHP.net

Here you should be able to to what you want if you've followed bcrypt correctly in Ruby.