Skip to content

Instantly share code, notes, and snippets.

@geekgonecrazy

geekgonecrazy/README.md

Last active May 24, 2020 16:59
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save geekgonecrazy/3a61ee15f515022295eef57f0713b52b to your computer and use it in GitHub Desktop.
Save geekgonecrazy/3a61ee15f515022295eef57f0713b52b to your computer and use it in GitHub Desktop.
Download ZIP
Raw
README.md

Bcrypt hash Compare issues

Bcrypt hashes generated by golang will not validate in node.js and vice versa

Golang

Get one external dependency:

go get golang.org/x/crypto/bcrypt

Then run: go run main.go

Should yield something like:

Hashing: pass@word1
sha256: 09dad9377a46ce39ee4f8f9baee5cd3117e6732bf9e816c51227c6cdc0851635
bcrypt: $2a$10$yDx0jD0j5tJKxJIE5jUFx.Kl86.UIA1KePuV7WFX2qcRPAnrRaSfm

Node.js

Get dependencies:

npm install bcrypt@2 sha256

Then run: node main.js

Should yield something like:

Hashing: pass@word1
sha256: 09dad9377a46ce39ee4f8f9baee5cd3117e6732bf9e816c51227c6cdc0851635
bcrypt: $2b$10$Hr7K1hpiyqnawyVvn4MfzejtVvHRpcmqqwXFUWyKds03ZLDFDg8O2

Python

Get dependencies:

pip install bcrypt

Then run: python main.py

Should yield something like:

Hashing: pass@word1
sha256: 09dad9377a46ce39ee4f8f9baee5cd3117e6732bf9e816c51227c6cdc0851635
bcrypt: $2b$10$ioCPS0vXBP0QyewT9t8DP.WcCF4XGlGwpj7wgMHdVIkV.FHsbWg2y

Comparing

Go -> Node.js

$ node main.js '$2a$10$yDx0jD0j5tJKxJIE5jUFx.Kl86.UIA1KePuV7WFX2qcRPAnrRaSfm'
Hashing: pass@word1
sha256: 09dad9377a46ce39ee4f8f9baee5cd3117e6732bf9e816c51227c6cdc0851635
bcrypt: $2b$10$Qrc3PkcZnAHMKd0pLq/Sye2I4Vib2bi/5Zpgq.Vhcl.WqHOkQ1mq.
Comparing password to hash passed in...
Hash Comparing: $2a$10$yDx0jD0j5tJKxJIE5jUFx.Kl86.UIA1KePuV7WFX2qcRPAnrRaSfm
Match: false

Node.js -> Go

$ go run main.go '$2b$10$Hr7K1hpiyqnawyVvn4MfzejtVvHRpcmqqwXFUWyKds03ZLDFDg8O2'
Hashing: pass@word1
sha256: 09dad9377a46ce39ee4f8f9baee5cd3117e6732bf9e816c51227c6cdc0851635
bcrypt: $2a$10$fYA7OaznvFQL5g6XBKsU/u52/NWhdSaerSp8P0.PabOamcju8kYCu
Comparing password to hash passed in...
Hash Comparing: $2b$10$Hr7K1hpiyqnawyVvn4MfzejtVvHRpcmqqwXFUWyKds03ZLDFDg8O2
Match: false

Python -> Go

$ python main.py '$2b$10$ioCPS0vXBP0QyewT9t8DP.WcCF4XGlGwpj7wgMHdVIkV.FHsbWg2y'
Hashing: pass@word1
sha256: 09dad9377a46ce39ee4f8f9baee5cd3117e6732bf9e816c51227c6cdc0851635
bcrypt: $2a$10$eiqKK07cvV.ZR45iRZHLWOaBHF63xYqCoPexUQKcaXsUv0kA0zsqm
Comparing password to hash passed in...
Hash Comparing: $2b$10$ioCPS0vXBP0QyewT9t8DP.WcCF4XGlGwpj7wgMHdVIkV.FHsbWg2y
Match: false

Python -> Node.js

$ node main.js '$2b$10$h6GPE8lFIZoW6xvE8UzKuufqr1ua/WVN5ue7H1jYQo7Yl8QUqxk4m'
Hashing: pass@word1
sha256: 09dad9377a46ce39ee4f8f9baee5cd3117e6732bf9e816c51227c6cdc0851635
bcrypt: $2b$10$K/5/HmIhN3FwbAboEhon2.6lAYj.2.crOxKpw0ONXWmvPzK26C7ty
Comparing password to hash passed in...
Hash Comparing: $2b$10$h6GPE8lFIZoW6xvE8UzKuufqr1ua/WVN5ue7H1jYQo7Yl8QUqxk4m
Match: true

Go -> Python

$ python main.py '$2a$10$EC8KTl9VI25iGvceRA376uID51Nz6GO6pGjaqLTPB/fs.n.9sEocC'
Hashing: pass@word1
sha256: 09dad9377a46ce39ee4f8f9baee5cd3117e6732bf9e816c51227c6cdc0851635
bcrypt: $2b$10$gyBlTqRiaPHrDoiQNQbj8OKjCKvb9y8xqJShpVKK6BXmvVDIsNKqm
Comparing password to hash passed in...
Hash Comparing: $2a$10$EC8KTl9VI25iGvceRA376uID51Nz6GO6pGjaqLTPB/fs.n.9sEocC
Match:  False

Node.js -> Python

$ python main.py '$2b$10$HaiWH3kvMocyvfGTtdsrieOpRNE1eIXpDxzZYXfhHoZ6LW6oSCopG'
Hashing: pass@word1
sha256: 09dad9377a46ce39ee4f8f9baee5cd3117e6732bf9e816c51227c6cdc0851635
bcrypt: $2b$10$8Y1zWwkEvw1qUXlIt0WVIekbXgFR1uXenDRi2.8au3H8OUN.4rsdq
Comparing password to hash passed in...
Hash Comparing: $2b$10$HaiWH3kvMocyvfGTtdsrieOpRNE1eIXpDxzZYXfhHoZ6LW6oSCopG
Match:  True
Raw
main.go
package main
import (
"crypto/sha256"
"fmt"
"os"
"strings"
"golang.org/x/crypto/bcrypt"
)
func main() {
password := []byte("pass@word1")
fmt.Println("Hashing:", string(password))
compareHash := strings.Join(os.Args[1:], "")
sha256Hash := sha256.New()
_, err := sha256Hash.Write(password)
if err != nil {
panic(err)
}
sha := sha256Hash.Sum(nil)
fmt.Printf("sha256: %x \n", sha)
bcryptHash, err := bcrypt.GenerateFromPassword(sha, 10)
if err != nil {
panic(err)
}
fmt.Println("bcrypt:", string(bcryptHash))
if compareHash != "" {
fmt.Println("Comparing password to hash passed in...")
fmt.Println("Hash Comparing:", compareHash)
match := false
err = bcrypt.CompareHashAndPassword([]byte(compareHash), sha)
if err == nil {
match = true
}
fmt.Println("Match:", match)
}
}
Raw
main.js
var bcrypt = require('bcrypt');
var sha256 = require('sha256');
var compareHash = process.argv[2];
var password = "pass@word1";
console.log('Hashing:', password);
var sha = sha256(password);
console.log('sha256:', sha);
var hash = bcrypt.hashSync(sha, 10)
console.log('bcrypt:', hash);
if (typeof compareHash !== undefined) {
console.log('Comparing password to hash passed in...');
console.log('Hash Comparing:', compareHash);
var match = bcrypt.compareSync(sha, compareHash);
console.log('Match:', match);
}
Raw
main.py
import sys
import bcrypt
import hashlib
password = b"pass@word1"
print 'Hashing:', password
sha_obj = hashlib.sha256(password)
sha = sha_obj.hexdigest()
print 'sha256:', sha
hashed = bcrypt.hashpw(sha, bcrypt.gensalt(rounds=10))
print 'bcrypt:', hashed
if len(sys.argv) > 1:
compareHash = sys.argv[1]
print 'Comparing password to hash passed in...'
print 'Hash Comparing:', compareHash
match = False
if bcrypt.checkpw(sha, compareHash):
match = True
print 'Match: ', match
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment