1
votes

I'm planning to hash user passwords using bcrypt, and to store these hashed passwords in a database.

The server that handles user account creation and inserts the hashed password into the database is written in Java.

Another server that needs to access user information (including the hashed passwords) is written in Python.

I was planning to use jBCrypt for the Java side, but before I do that I want to make sure that I'll be able to recognise/use these hashed passwords from the Python side.

As I understand things, this should be no problem as long as the Python BCrypt implementation is the same as the Java implementation.

So, can I use the passwords hashed using jBCrypt from Python? How?

Thanks in advance!

1
bcrypt is bcrypt (just like md5 is md5, etc). Any correct implementation will produce identical output for the same input. For the last question, start with a search .. the one thing to keep in mind, however, is how the hash value, salt and number of rounds are stored (e.g. part of same string? hex encoded? separators?). - user2246674
Awesome, thanks! Just making sure :) - Felix
@user2246674 The output of bcrypt is a standard and it includes all necessary details. - ntoskrnl

1 Answer

1
votes

The best way to know is to actually try it. Assuming both implementations are correct, they should be compatible, as long as you take care to re-encode data as necessary.

Typically, a hash is stored in memory either as a byte array of the raw hash, or as an ASCII hexadecimal representation. The best way to know what encoding it's using is actually printing it to the console: if it looks like garbage, it'll be a raw byte array; if it prints a hexadecimal string (0-9 and a-f), it's ASCII-encoded hexadecimal.

Salt will probably be stored like the hash. The number of rounds is an integer. It's up to you to store all this data in a common format. If you need to convert an ASCII hex string to a byte array (actually, a string) in Python, you can use string.encode:

>>> 'hello world'.encode('hex')
'68656c6c6f20776f726c64'
>>> '68656c6c6f20776f726c64'.decode('hex')
'hello world'

For a bcrypt implementation in Python, you may want to try py-bcrypt.
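
The comment above notes that bcrypt output is a standard string carrying all the necessary details. The following is an added example, not part of the original answer or of either library: a standard-library-only Python parser that validates such a stored string and splits it into version, cost, salt and digest. It assumes the Java side stores the 60-character string returned by `BCrypt.hashpw` unchanged; the names `parse_bcrypt`, `BcryptHash` and `SAMPLE` are made up for illustration.

```python
import base64
import re
from typing import NamedTuple

# bcrypt packs bits like ordinary base64 but uses its own alphabet and no padding.
_BCRYPT_ABC = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
_STD_ABC = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
_TO_STD = str.maketrans(_BCRYPT_ABC, _STD_ABC)
_HASH_RE = re.compile(
    r"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})")


class BcryptHash(NamedTuple):
    version: str   # "2a", "2b", ...
    cost: int      # work factor (log2 of the number of rounds)
    salt: bytes    # 16 raw bytes
    digest: bytes  # 23 raw bytes


def _decode(text: str) -> bytes:
    """Decode bcrypt-alphabet base64 by mapping it onto the standard alphabet."""
    std = text.translate(_TO_STD)
    return base64.b64decode(std + "=" * (-len(std) % 4))


def parse_bcrypt(stored) -> BcryptHash:
    """Validate a stored bcrypt string and split it; raise ValueError if malformed."""
    if isinstance(stored, bytes):  # some database drivers hand back bytes
        stored = stored.decode("ascii")
    m = _HASH_RE.fullmatch(stored)  # fullmatch also rejects a trailing newline
    if m is None:
        raise ValueError("not a bcrypt hash string")
    version, cost, salt, digest = m.groups()
    if not 4 <= int(cost) <= 31:
        raise ValueError("bcrypt cost out of range: " + cost)
    return BcryptHash(version, int(cost), _decode(salt), _decode(digest))


# Constructed sample: correct shape only, not the hash of any real password.
SAMPLE = "$2a$10$abcdefghijklmnopqrstuuABCDEFGHIJKLMNOPQRSTUVWXYZabcdC"

if __name__ == "__main__":
    h = parse_bcrypt(SAMPLE)
    print(h.version, h.cost, h.salt.hex(), h.digest.hex())
```

Running this over the password column before switching the Python service on catches rows that were truncated, re-encoded or padded on the way into the database.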