2

I am hoping someone might shed some light on which library I might use if any are available to convert a PHP based application that has been using BCrypt $2a to a .Net based application, the current BCrypt C# Library I used I just realized is using $2y so I will not be able to seemlessly migrate users without causing mass password resets. Is there a $2a port to C# that is available or the inverse a $2y implementation in PHP that I might retro fit into the existing system and re-hash passwords. Ideally I would like to do zero coding in the PHP version and be able to migrate to .Net platform.

Thank you.

svick
  • 236,525
  • 50
  • 385
  • 514
Ryan Fisch
  • 2,614
  • 5
  • 36
  • 57

1 Answers1

2

As for $2a$, it depends on how old your version of PHP bcrypt is.

Pre-2011, you will want to change $2a$ to $2x$. Post-2011, $2a$ and $2y$ are (except for sequences of 0xff which can't be produced by UTF-8 passwords) equivalent. All three are equivalent for ASCII passwords.

My library CryptSharp can do bcrypt in $2a$ (post-2011, $2y$ equivalent), $2x$, and $2y$ form.

James
  • 1,874
  • 1
  • 16
  • 18
  • Zer, could you paste a code sample up. I'm trying to use your library to create a hash for both $1$ as well as $2y$10 and it keeps giving me a argument exception for the salt value. I have an salt of length 8, e.g. 12345678. To that I then prepend "$1$" and append "$" making it a total of 12 characters (same format as PHP crypt) So the final string is "$1$12345678$", and no luck. Throws exception. What format should the salt be? The same for $2y$10. I need to replicate the PHP crypt functions for this. – gg. Dec 22 '14 at 19:09