如何使用与java和php兼容的相同密码?

I have used php crypt function to hash password. For example:

<?php

$hash = '$2y$08$ffWmSGZOM5pNJpHNvpqMa.z01BL25WGoXViaWYhxS0WRaftgAxhkC';
$test = crypt("test", $hash);
$pass = $test == $hash;

echo "Test for functionality of compat library: " . ($pass ? "Pass" : "Fail");
echo "
";

NOW: If i use php bcrypt passowrd_hash() function i get this following output:

Password: test

bcrypted password using passowrd_hash() is : $2y$08$ffWmSGZOM5pNJpHNvpqMa.z01BL25WGoXViaWYhxS0WRaftgAxhkC

Now i want to have the same output in Android Java. My questions are:

  1. How can i achieve this?
  2. Is there any class file or default function in android java so that i can use to achieve this?
  3. Do i have to write a custom function to achieve this?

I also want to decrypt the password using java.

Any answer with example will be appreciated. Advance thanks to all.

Firstly, we need to look at what the crypt function in PHP does. php.net states:

"crypt() will return a hashed string using the standard Unix DES-based algorithm or alternative algorithms that may be available on the system."

Let's assume it's DES, even though DES isn't a hashing algorithm.

Ok, so now we know what "hash" function is used, it's simply a case of implementing it another language (pedantry aside for now, hash functions should always return the same output given the same input).

Here is a link that shows how to implement DES in Java: http://www.mkyong.com/java/jce-encryption-data-encryption-standard-des-tutorial/

Aside, DES is badly broken and should be avoided. At minimum I would recommend SHA-2 for hashing. Additionally, you can't (again, pedantry aside) "decrypt" a hash as hash functions are one way.

If you insist of using bcrypt in Java. Try this, jBCrypt.

I am using laravel default password hasihing algorthim using bcrypt. My problem was to convert it same as in Java. I have achieved the same password using jbcrypt. For example:

Here laravel bcrypted password is = "$2y$08$rW76CEOBYmWzeANFqNOQyei8ArmYpacN6MIRjS55sgpT.6p/5eMv." I have taken that string in a variable

String a_hash = "$2y$08$rW76CEOBYmWzeANFqNOQyei8ArmYpacN6MIRjS55sgpT.6p/5eMv.";

And the following code gives me the matching password result:

if (BCrypt.checkpw(candidate, a_hash))
            System.out.println("It matches");
        else
            System.out.println("It does not match");

I have used Damien Miller's BCrypt library to achieve this. These are the useful urls: http://www.mindrot.org/projects/jBCrypt/

Using jBCrypt to salt passwords in Android App causes a long hang

Using jBCrypt to salt passwords in Android App causes a long hang