current community

your communities

more stack exchange communities

Stack Exchange
tour help
stack overflow careers
Take the 2-minute tour ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote 0 down vote favorite

I'm planning to hash user passwords using bcrypt, and to store these hashed passwords in a database.

The server that handles user account creation, and inserts the hashed password to the database is written in Java.

Another server that needs to access user information (including the hashed passwords) is written in Python.

I was planning to use jBCrypt for the Java side, but before I do that I want to make sure that I'll by able to recognise/use these hashed passwords from the Python side.

How I understand things, this should be no problem as long as the Python BCrypt implementation is the same as the Java implementation.

So, can I use the passwords hashed using jBCrypt from Python? How?

Thanks in advance!

share|improve this question
3  
bcrypt is bcrypt (just like md5 is md5, etc). Any correct implementation will produce identical output for the same input. For the last question, start with a search .. the one thing to keep in mind, however, is how the hash value, salt and number of rounds are stored (e.g. part of same string? hex encoded? separators?). –  user2246674 Jun 6 '13 at 2:20
    
Awesome, thanks! Just making sure :) –  Felix Jun 6 '13 at 2:58
1  
@user2246674 The output of bcrypt is a standard and it includes all necessary details. –  ntoskrnl Jun 6 '13 at 5:53

1 Answer 1

up vote 1 down vote accepted

The best way to know is to actually try it. Assuming both implementations are correct, they should be compatible, as long as you take care to re-encode data as necessary.

Typically, a hash is stored in memory either as a byte array of the raw hash, or as a ASCII hexadecimal representation. The best way to know what encoding it's using is actually printing it to the console: if it looks like garbage, it'll be a raw byte array; if it prints a hexadecimal string (0-9 and a-f), it's ascii encoded hexadecimal.

Salt will probably be stored like the hash. The number of rounds is a integer. It's up to you to store all this data in a common format. If you need to convert a ascii hex string to a byte array (actually, a string) in python, you can use string.encode:

>>> 'hello world'.encode('hex')
'68656c6c6f20776f726c64'
>>> '68656c6c6f20776f726c64'.decode('hex')
'hello world'

For a bcrypt implementation in python, you may want to try py-bcrypt

share|improve this answer
    
Awesome, thanks goncalopp! I'll give it a go. –  Felix Jun 6 '13 at 2:59
    
I tried using jBCrypt and py-bcrypt, and it works beatifully :) –  Felix Jun 7 '13 at 1:47

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.