The Laravel framework (PHP) creates user passwords in the following bcrypt format:

$2y$10$(salt)(hash)

I'm trying to write a program in Perl that can validate the Laravel password that is stored in the database, but it doesn't appear Crypt::Eksblowfish::Bcrypt supports the '2y' bcrypt format, while '2a' works just fine.

$ perl bcrypt_2a
Plain password is bcrypt as $2a$10$q4VIJI0lTJBh4O6Kfo/f/uwvN4CQWPbFutc8hO8bKmn3Rz6qV4xcS
Valid Password password

$ perl bcrypt_2y
bad bcrypt settings at bcrypt_2y line 22

The files bcrypt_2a and bcrypt_2y are below in case anyone has any great idea here!
===========================
#!/usr/bin/perl
# File: bcrypt_2a

use Crypt::Eksblowfish::Bcrypt;
use Crypt::Random;

$password = 'password';
$encrypted = encrypt_password($password);

print "Plain $password is bcrypt as $encrypted\n";
if (check_password($password, $encrypted)) {
    print "Valid Password $password\n"
}

sub encrypt_password {
    my $password = shift;
    my $salt = shift || salt();

    my $settings = '$2a$10$'.$salt;
    return Crypt::Eksblowfish::Bcrypt::bcrypt($password, $settings);
}

sub check_password {
    my ($plain_password, $hashed_password) = @_;

    # Regex to extract the salt
    if ($hashed_password =~ m!^\$2a\$10\$([A-Za-z0-9+\\\.\/]{22})!) {
        # Use a letter by letter match rather than a complete string match to avoid timing attacks
        my $match = encrypt_password($plain_password, $1);
        my $bad = 0;
        for (my $n=0; $n < length $match; $n++) {
            $bad++ if substr($match, $n, 1) ne substr($hashed_password, $n, 1);
        }
        return $bad == 0;
    } else {
        return 0;
    }
}

# Return a random salt
sub salt {
    return Crypt::Eksblowfish::Bcrypt::en_base64(Crypt::Random::makerandom_octet(Length=>16));
}

===========================
#!/usr/bin/perl
# File: bcrypt_2y

use Crypt::Eksblowfish::Bcrypt;
use Crypt::Random;

$password = 'password';
$encrypted = encrypt_password($password);

# from another program, a bcrypt 2y of 'password' = '$2y$10$iG2fZoSKzWUVn65cMDGL0uG8sWvy0G0G2Z/1Fll7zcBvEIOvn8qLG';

print "Plain $password is bcrypt as $encrypted\n";
if (check_password($password, $encrypted)) {
    print "Valid Password $password\n"
}

sub encrypt_password {
    my $password = shift;
    my $salt = shift || salt();

    my $settings = '$2y$10$'.$salt;
    return Crypt::Eksblowfish::Bcrypt::bcrypt($password, $settings);
}

sub check_password {
    my ($plain_password, $hashed_password) = @_;

    # Regex to extract the salt
    if ($hashed_password =~ m!^\$2y\$10\$([A-Za-z0-9+\\\.\/]{22})!) {
        # Use a letter by letter match rather than a complete string match to avoid timing attacks
        my $match = encrypt_password($plain_password, $1);
        my $bad = 0;
        for (my $n=0; $n < length $match; $n++) {
            $bad++ if substr($match, $n, 1) ne substr($hashed_password, $n, 1);
        }
        return $bad == 0;
    } else {
        return 0;
    }
}

# Return a random salt
sub salt {
    return Crypt::Eksblowfish::Bcrypt::en_base64(Crypt::Random::makerandom_octet(Length=>16));
}
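
Added example, not part of the original post: one way to verify a "$2y$" hash with Crypt::Eksblowfish::Bcrypt is to parse the stored value strictly and compute under "$2a$" with the same cost and salt. It relies on "$2y$" being PHP's marker for the corrected bcrypt algorithm, which yields the same digest this module produces under "$2a$". The helper names and the $MAX_COST limit are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Crypt::Eksblowfish::Bcrypt qw(bcrypt);

# Assumption: upper bound on the work factor accepted from storage, so a
# tampered row cannot force an extremely slow computation.
my $MAX_COST = 15;

# Compare two strings without stopping at the first differing byte.
sub constant_time_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1))
        for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Hypothetical helper: true if $plain (a string of octets, e.g. UTF-8
# encoded) matches a stored "$2a$" or "$2y$" bcrypt hash.
sub check_laravel_password {
    my ($plain, $stored) = @_;
    return 0 unless defined $plain && defined $stored;

    # Two-digit cost, 22-char salt, 31-char digest; anything else is rejected.
    my ($cost, $salt, $digest) = $stored =~
        m{\A\$2[ay]\$(\d\d)\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})\z}
        or return 0;
    return 0 if $cost < 4 || $cost > $MAX_COST;

    # bcrypt() rejects "$2y$" settings ("bad bcrypt settings"), so compute
    # under "$2a$" and compare with the stored value's prefix rewritten.
    my $settings = sprintf '$2a$%s$%s', $cost, $salt;
    return constant_time_eq(bcrypt($plain, $settings), $settings . $digest);
}

# Hash quoted in the post as the "$2y$" bcrypt of 'password'.
my $stored = '$2y$10$iG2fZoSKzWUVn65cMDGL0uG8sWvy0G0G2Z/1Fll7zcBvEIOvn8qLG';
for my $candidate ('password', 'Password') {
    printf "%-10s %s\n", $candidate,
        check_laravel_password($candidate, $stored) ? 'valid' : 'invalid';
}
```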

In reply to Crypt::Eksblowfish::Bcrypt doesnt support 2y? by dallase
