I'm working for a company and I have to remake their API to Golang from Php. The previous developer was using Phpass with Php, however, I need to use it with Golang.
I searched about how to implement phpass in go but it doesn't seems to work as well as in php.
I saw these github implementations:
gopass — Implement phpass algorithm in go
phpass — A go implementation of the PHPass password ...
Maybe it's weird, but does it works the same in Php? For me, each time I get a new hashed password for the same password/using. I also never did php, so I don't really know how to test this class/library (phpass)
Thank for help !
The different hashes are the result of salting, each password should get its own unique salt. This salt is then included together with other parameters in the resulting hash string, so a password_verify() function can extract it to verify an entered password.
According to this answer, the Go language seems to implement the BCrypt algorithm. This would be the default of the phpass library, if the hashes where not generated with a very old PHP version. If your hashes start with the signature $2y$... chances are good that the BCrypt implementation is compatible with the hashes generated by PHP.