Laravel & Meteor password hashing -


i have 2 applications, 1 in laravel 5.2 , 1 in meteor. want collect hashes passwords compatible both platforms.

the database stores hashes separately

  • password laravel.
  • meteor_password meteor.

both platforms use bcrypt 10 rounds default, meteor appears sha256 plain password before bcrypt.

if meteor creates password hash abc, can sha256 plain password, , compare abc using laravel's internals, i.e. auth::attempt()

$sha256 = hash('sha256', $request->get('password'), false);

this works. laravel authenticates user.

however, if register new user in laravel, , store hash meteor_password, when authenticating against hash in meteor, fails error message "login forbidden". this error appears mean incorrect credentials.

i'm creating hash in same way did when verified in laravel.

$meteor_password = bcrypt(hash('sha256', $plain, false));

it seems strange it'd work 1 way , not other assume i'm missing something.

in 2011, bug discovered in php's bcrypt implementation, changed original 2a version indicator 2x , 2y, used today, indicate password hashed fixed version.

therefore, hash generated php's 2y should identical 1 generated node's 2a.

the prefix should changed in order correctly processed npm module (used meteor), does not acknowledge 2y.

$meteor_password = bcrypt(hash('sha256', $plain, false)); // replace useing like: $meteor_password = str_replace('$2y', '$2a', $meteor_password); // or $meteor_password[2] = 'a';

Comments

Post a Comment

Popular posts from this blog

sublimetext3 - what keyboard shortcut is to comment/uncomment for this script tag in sublime -

Image
i have script tag in code, keyboard shortcut comment/uncomment script tag in sublime. after selecting script open , close tag. <script src="http://code.jquery.com/jquery-latest.min.js" type="text/javascript"> </script> i pressing ctrl + shift + / , getting this /*<script src="http://code.jquery.com/jquery-latest.min.js" type="text/javascript"> </script>*/ also pressed ctrl + / , got this // <script src="http://code.jquery.com/jquery-latest.min.js" type="text/javascript"> // </script> instead of <!-- <script src="http://code.jquery.com/jquery-latest.min.js" type="text/javascript"> </script> --> script open , close tag in 2 lines not in 1 line , not have spaces too. for mac,high light lines want comment. hold 'command , / ' commented. for windows: high line or select lines ,then hold ctrl + / if not work: ...
Read more

post - imageshack API cURL -

i credentials correct. when send image through form this:(action="http://api.imageshack.com/v2/images/"). working fine when tried send $ch = curl_init($url); failed. code: enter code here <form action="" method="post" enctype="multipart/form-data"> select image upload: <input type="file" name="file" id="file" multiple> <input type="text" name="auth_token" id="auth_token" value="xxxxxxxxxxxxxxxx"> <input type="text" name="api_key" id="api_key" value="xxxxxxxxxxxxxxx"> <input type="submit" value="upload image" > </form> $url = ' http://api.imageshack.com/v2/images/ '; $temp = $_files["file"]['tmp_name']; echo $temp."<br>" ; $ch = curl_init($url); curl_setopt($ch, curlopt_post, true); curl...
Read more

dataset - MPAndroidchart returning no chart Data available -

i having problems mpandroidchart. adding temperature , humidity data chart, displays "no chart data available". here can see bug is? super grateful! //create data //set size of data int size = list.size(); if (size > 24){ size = 24;} //create lists form temp , hum arraylist<entry> temps = new arraylist<entry>(); arraylist<entry> hums = new arraylist<entry>(); //fill list temp values (int = 0; < size; i++){ entry value = new entry(math.round(list.get(list.size()-size + i).temp), (size-i)); temps.add(value); } //fill list hum values (int = 0; < size; i++){ entry value = new entry(math.round(list.get(list.size()-size + i).hum), (size-i)); hums.add(value); } ...
Read more