funcool / buddy-hashers

Collection of password hashers.
https://funcool.github.io/buddy-hashers/latest/
Apache License 2.0

Using bcrypt+sha512 in other library/language #28

Closed coneill-relay closed 9 months ago

coneill-relay commented 9 months ago

Sorry if this is a question more for Bouncy Castle, but I was wondering if there was any guidance on how to use the output from bcrypt+sha512 and migrate to another language like Python or Node.

I see there are bcrypt packages, but they don't seem to follow the same structure that this outputs. I see that this implementation uses https://github.com/bcgit/bc-java/blob/main/core/src/main/java/org/bouncycastle/crypto/generators/BCrypt.java#L630, which just returns the raw 24 bytes from the iterations, salt and password, but it seems like most other implementations use the BSD version that takes in things like the bcrypt version and gives back the base64-encoded hash. I guess where I'm lost is that even though everything is speaking bcrypt, I can't seem to match up the outputs from one library here and use them to check passwords from another library. I've been trying to reverse what buddy-hashers and Bouncy Castle do to try and generate compatible salts for other packages, but I've not had success trying to get a known good password to successfully validate in another package by trying to extract the salt or find a way to compare the hash to other packages' output.

Any help would be appreciated.

coneill-relay commented 9 months ago

I got something working using Rust's bcrypt library, which has a non-encoded form of the bcrypt function that outputs the same hash as buddy-hashers when provided the same salt and rounds.
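One concrete piece of the mismatch discussed in this thread is the encoding: Bouncy Castle's `BCrypt.generate` hands back a raw 16-byte salt and 24-byte digest, while BSD-style libraries exchange a 60-character `$2b$12$...` modular-crypt string using bcrypt's own base64 alphabet. The Python below is an added example, not code from buddy-hashers, Bouncy Castle or the Rust crate; it converts between the two forms. It assumes the `$2b$` prefix and the BSD convention of emitting only 23 of the 24 digest bytes, and it does not reproduce whatever pre-hashing the "+sha512" part of the scheme applies before bcrypt, which a verifier in another language would still have to replicate.

```python
import base64

# bcrypt uses its own unpadded base64 alphabet. The bit layout is the same as
# standard base64, so a one-to-one character translation is all that is needed.
_STD = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
_BCRYPT = b"./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
_TO_BCRYPT = bytes.maketrans(_STD, _BCRYPT)
_TO_STD = bytes.maketrans(_BCRYPT, _STD)


def bcrypt_b64encode(raw: bytes) -> str:
    """Encode bytes with the bcrypt alphabet, without padding."""
    return base64.b64encode(raw).rstrip(b"=").translate(_TO_BCRYPT).decode()


def bcrypt_b64decode(text: str) -> bytes:
    """Inverse of bcrypt_b64encode; restores the padding standard base64 wants."""
    std = text.encode().translate(_TO_STD)
    return base64.b64decode(std + b"=" * (-len(std) % 4))


def raw_to_mcf(cost: int, salt: bytes, digest: bytes, version: str = "2b") -> str:
    """Build a BSD modular-crypt string from raw bcrypt parts.

    BSD implementations only emit 23 of the 24 digest bytes, so the final
    byte of the raw output is dropped here as well (assumption: the same
    convention applies to the raw digest being converted).
    """
    if len(salt) != 16 or len(digest) != 24:
        raise ValueError("bcrypt expects a 16-byte salt and a 24-byte digest")
    if not 4 <= cost <= 31:
        raise ValueError("bcrypt cost must be between 4 and 31")
    return f"${version}${cost:02d}${bcrypt_b64encode(salt)}{bcrypt_b64encode(digest[:23])}"


def mcf_to_raw(mcf: str) -> tuple[str, int, bytes, bytes]:
    """Split a $2x$ string into (version, cost, 16-byte salt, 23-byte digest)."""
    _, version, cost, rest = mcf.split("$")
    if version not in ("2a", "2b", "2y") or len(rest) != 53:
        raise ValueError("not a bcrypt modular-crypt string")
    return version, int(cost), bcrypt_b64decode(rest[:22]), bcrypt_b64decode(rest[22:])
```

The converted string is what a library such as Python's `bcrypt.checkpw` expects; the password bytes passed alongside it must match what buddy-hashers feeds to bcrypt, not the plaintext password.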