Library that supports $2y$ prefix in Bcrypt - Phoenix?

Lets say i have a set of passwords using Bcrypt with $2y$ prefix.Now i am moving to elixir for my i am using comeonin as password hashing library, when i check my old passwords using following function

     Comeonin.Bcrypt.checkpw("hard to guess", stored_hash)

I am getting argument error like

Comeonin Bcrypt does not support the 2y prefix

Later i came to know that Comeonin lib is not support validating passwords using bcrypt with $2y$ prefix, Is there any other library that support $2y$ prrefix


Comeonin.Bcrypt.checkpw("pass1234", "$2y$12$qGz.0gYxDW//STSqUxPmL.6.36MlZuJh.AuWGDT7Yo25rUbNN6Qu‌​i")

If I understand correctly this:

$2y$ prefix is not a standard prefix but something added by PHP devs when they fixed their own implementation. I do think that anything else than PHP supports such prefix.

I do think that it may work just fine if you update your prefixes from $2y$ to something like $2a$ before checking password. Do it on the fly with regular expression before passing to Comeonin.

1 Like

ya changing $2y$ to $2a$ working fine, but I wouldd like to know Is it safe approach?

I am basing my knowledge on the link above, but as far as I understand $2y$ is simply equivalent to $2a$, marking that it’s generated using previously broken - and now corrected - PHP implementation. In my opinion this should work just fine.

1 Like