I have a PHP 5.3 webserver with the Lithium framework running on it.
I have password hashes generated with CRYPT_BLOWFISH :
public static function hash($password, $salt = null) {
return crypt($password, $salt ?: static::salt());
}
They get checked with this :
public static function check($password, $hash) {
return String::compare(crypt($password, $hash), $hash);
}
I'm looking for the NodeJS script that would enable me to both check and generate similar hashes :
I've tried this so far (check for now) :
var c = crypto.createCipher('bf-cfb', password);
var res = c.update(hash);
res += c.final('utf8');
Where (not exact vars, but looks like this) :
var hash = '$2a$10$nA5CV2XWJGn0cbKxSHU3GOp29ypHNVJDglJ0iNFx2zFkfy3mrsRZK'; // from php
var salt = '$2a$10$nku2zgjB65zLdcVC1BIhG.'; // from php too
var password = 'passwordInClearTextToCheck'; // correct password to check
Is it possible to achieve?
Crypt() function uses different algorithm, this is not raw Blowfish encryption/decryption. Since there is no Crypt() implementation for node.js yet, I would recommend to hash password + salt with SHA1/SHA256/whatever else.