Re: Crypt::Eksblowfish::Bcrypt doesnt support 2y?

Replies are listed 'Best First'.
Re^2: Crypt::Eksblowfish::Bcrypt doesnt support 2y? by dallase (Initiate) on Dec 16, 2014 at 05:21 UTC
UPDATED: I edited Bcrypt.pm as below, and I can confirm this allows me to verify $2a$ or $2y$ bcrypt passwords. ================= # diff -Naur /usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-mult +i/Crypt/Eksblowfish/Bcrypt.pm.orig /usr/lib64/perl5/site_perl/5.8.8/x +86_64-linux-thread-multi/Crypt/Eksblowfish/Bcrypt.pm --- /usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi/Crypt/E +ksblowfish/Bcrypt.pm.orig 2014-12-16 05:50:54.000000000 +0000 +++ /usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi/Crypt/E +ksblowfish/Bcrypt.pm 2014-12-16 05:23:46.000000000 +0000 @@ -153,7 +153,7 @@ sub bcrypt($$) { my($password, $settings) = @_; croak "bad bcrypt settings" - unless $settings =~ m#\A\$2(a?)\$([0-9]{2})\$ + unless $settings =~ m#\A\$2([ay]?)\$([0-9]{2})\$ ([./A-Za-z0-9]{22})#x; my($key_nul, $cost, $salt_base64) = ($1, $2, $3); my $hash = bcrypt_hash({ [download] ============= So assuming I pull a $2y$10$ hashed password from the database, I can just s/^\$2y\$/\$2a\$/ and verify it using Crypt::Eksblowfish::Bcrypt, is that I'm hearing? If that is the case, I support I can hack up the module itself and allow $2a or $2y without throwing an error.	[reply] [d/l]
Re^3: Crypt::Eksblowfish::Bcrypt doesnt support 2y? by wollmers (Scribe) on Dec 17, 2014 at 13:37 UTC
dallase, thx for solving the same problem here after an upgrade of Moodle.	[reply]