The limit is 72 bytes, not 51. The limit of 51 is wrong, or is a confusion, or recent implementations do not follow the original. In fact, I think that limit originates from the Blowfish limit, Blowfish https://www.schneier.com/academic/archives/1994/09/description_of_a_new.html , such algorithm is used by BCrypt.The version of Bcrypt 2A (and following) requires that the password use UTF-8 and that it ends a null, so it is used 71 characters + 1 null. Is that what PHP uses to increase the character limit?No. PHP uses normal Bcrypt, including its result can be used in other implementations, from other languages.Does that extra limit bring any security issues?No, in general. No common user uses passwords larger than 71 characters, however it would be ideal to limit user input and notify you that the password is long. Can he be disabled or burled?Use another algorithm, PHP already supports Argon2id, which is the winner of https://password-hashing.net and in old versions already has support for PBKDF2, which is an alternative too, although I do not advise. If you are using some obsolete version, then security is not priority. If you really want to use gambiarras, there are as, but also have side effects.password_hash(base64_encode(hash("sha384", $password, true)), PASSWORD_BCRYPT) This will make the user input use the sha384, first, before BCrypt. BCrypt will use the result sha384 (48 bytes) in Base64 (fixing within the limit, using 64 characters). But you will decrease the maximum entropy from 71 to 48. The reason to use sha384 is because of the size, and the https://pt.stackoverflow.com/questions/280442/d%C3%BAvida-sobre-null-byte-no-bcrypt-php .

O hashPassword includes the salt used. I practically answered that https://pt.stackoverflow.com/a/204641/15089 , but since the question wasn't specifically about that, then I think I can answer here too.The same way that "works in the Node" is the same that works anywhere, since it implements the same BCrypt.BCrypt is deterministic. For this reason you will have the same result if using the same salt, as well as any existing KDF. In BCrypt it has three parameters:Computational cost.Salt.Password.There are other derivative functions (KDFs) that have other input parameters. Argon2, for example, has individual cost parameters (for memory, iteration and etc.), parameters output length. On the other hand, the HKDF does not have computational cost, because it is not intended for passwords, but hash length, the result, flexible.As a result you will have:"Hash."However, the first two values are public in the case of BCrypt. Therefore, BCrypt itself uses a format, similar to http://passlib.readthedocs.io/en/stable/modular_crypt_format.html#overview , where:${Algoritmo}${Custo}${Salt}{Hash} Thus the hash is included in values that allow you to compare the same hash, since we know the algorithm, the cost, the salt and the expected result.A small test, with a result of:$2b$10$111111111111111111111u1Fg3CCqE4CYDkm0w0C9gxJ.HpXSNHlS You can get the algorithm, the cost, the salt and the "hash expected", so: let resultado = '$2b$10$111111111111111111111u1Fg3CCqE4CYDkm0w0C9gxJ.HpXSNHlS'; let algo = resultado.substring(1, 3); let custo = resultado.substring(4, 6); let salt = resultado.substring(7, 29); So just do it bcrypt.hash and you can compare the value, normally:const crypto = require('crypto'); const bcrypt = require('bcrypt'); async function init(plainPassword) { let resultado = '$2b$10$111111111111111111111u1Fg3CCqE4CYDkm0w0C9gxJ.HpXSNHlS'; let algo = resultado.substring(1, 3); let custo = resultado.substring(4, 6); let salt = resultado.substring(7, 29); let hash = await bcrypt.hash(plainPassword, '$' + algo + '$' + custo + '$' + salt); console.log(crypto.timingSafeEqual(Buffer.from(hash), Buffer.from(resultado))); } init('cba'); See that there is no bcrypt.compare, crypto.timingSafeEqual do the same as the ===, however it is safe against timing-attack. That's basically what bcrypt.compare does, when you include hashPassword it already has the necessary data.

The parameter must be of the type bytes, you can call it in two ways, giving a cast to byteshashed = bcrypt.hashpw(b'teste',bcrypt.gensalt()) or using a encoding:hashed = bcrypt.hashpw('teste'.encode("utf-8"),bcrypt.gensalt())

If the final password is in hashing crypt, YES! For it is impossible to decrypt it to make an analysis of each character. Then you will have to encrypt all possible passwords and validate them.But you can optimize this validation with SQL.$senhasPossiveis = array( "sajEeYaHYyeSU"; "saepDgtryRTsw"; "saQ30SFLolsHo"; "saIie8xFtO5cg"; "saIie8xFtO5cg"; "saepDgtryRTsw"; "saepDgtryRTsw"; "saIie8xFtO5cg"; "saepDgtryRTsw"; "saIie8xFtO5cg"; ); $sql = "SELECT senha, email FROM usuarios WHERE email = '$email' AND ( "; foreach($senhasPossiveis as $senha){ $sql .= "senha = '".$senha."' OR "; } $sql .= substr($sql, 0, -3).")"; In the end your query will look like this:SELECT senha, email FROM usuarios WHERE email = '$email' AND ( senha = 'sajEeYaHYyeSU' OR senha = 'saepDgtryRTsw' OR senha = 'saIie8xFtO5cg' OR senha = 'saepDgtryRTsw' OR senha = 'sajEeYaHYyeSU' OR senha = 'saIie8xFtO5cg' OR senha = 'sajEeYaHYyeSU' OR senha = 'saIie8xFtO5cg') _This solution is also goodYou can use the password_verifyif (password_verify('12345', 'sajEeYaHYyeSU')) { echo 'Senha válida'; } else { echo 'Senha errada'; } So you can do the select in the bank, redeem the password in hash and check by php combinations without encrypting password by password. I believe it's better. You'd need to run tests.

Several PHP functions are (or have already been) vulnerable to null bytes, one of the biggest problems was include(), that PHP stopped when finding the null, which allowed to ignore the file extension.In the case of BCrypt (I don't know how Argon2i walks in PHP), he will use the string until he finds a null.So...$hash = '$2y$10$/nX1tLiwOsGWL4MhUjfEIOBKLV.Oa/uVy7rxqxih2SeNIkCk8doEW'; echo (int)password_verify("a", $hash); echo PHP_EOL; echo (int)password_verify("a\0bcde", $hash); echo PHP_EOL; echo (int)password_verify("a\0zzzzz", $hash); echo PHP_EOL; All of them return 1Even if they're different.This is because the hash in question was created with a null, so that:password_hash("a\0 Qualquer Coisa Aqui Será Ignorada", PASSWORD_DEFAULT) This is the null-byte problem. In general it is not a big problem, since password should be set using nulls, as far as I know. However this will circumvent the minimum number of characters for a password. Why? a\0 Qualquer Coisa Aqui Será Ignorada will be more than 10 bytes, for example, but your password will have only 1 byte (a).The solution of this is to make a pre-hashing, but must encode for a safe format, after all the result of a SHA-2, for example, may contain a null.The other option may be to abandon BCrypt, you have LibSodium in PHP, I think these functions (specifically sodium_crypto_pwhash_str) have no problems.

Uninstall the gems pertaining to bcrypt and reinstall as in the last line below:gem uninstall bcrypt-ruby gem uninstall bcrypt gem install bcrypt --platform=ruby Then, in your Gemfile, replace the line of bcrypt bygem 'bcrypt', '~> 3.1.11' Stop the Rails server and run bundle install and then you can start the server again. Some possible solutions can also be seen https://github.com/codahale/bcrypt-ruby/issues/142 .

Is it your choice not to use bcrypt asynchronously?Thanks for alerting me, new here on the stack. Anyway, that would be my solution to your problem:const Promise = require('bluebird'); const bodyParser = require('body-parser'); const bcrypt = Promise.promisifyAll(require('bcrypt-nodejs')); //Bring in User Model let User = require('../models/user'); var urlencodedParser = bodyParser.urlencoded({extended: false}); module.exports = function(app){ app.get('/signup', function(req, res){ res.render('signup'); }); app.post('/signup', urlencodedParser, function(req, res){ const fstName = req.body.userName; const sncName = req.body.userLastName; const email = req.body.userEmail; const pass = req.body.userPassword; const rePass = req.body.userRePassword; const birDay = req.body.userBirDay; const birMonth = req.body.userBirMonth; const birYear = req.body.userBirYear; const gender = req.body.userGender; const birthday = birYear + '-' + birMonth + '-' + birDay; let newUser = new User({ firstName: fstName, lastName: sncName, email: email, password: pass, birthday: birthday, gender:gender }); const SALT_FACTOR = 8; bscript.genSaltAsync(SALT_FACTOR) .then(salt => bcrypt.hashAsync(newUser.password, salt, null)) .then(hash => { newUser.password = hash; newUser.save().then(() => res.render('signup')); }); }); }; In addition to making asynchronous, I also traded the bcryptjs by the bcrypt-nodejs (on a project I made had trouble with it) and installed the bluebird for the task of promises. I hope that works out.

To ensure that it is exactly the same as the bcrypt of the one generated by the laravel, it makes a controlr to call an ajax, a kind of webservice, this controlr will have the function to return public function getBcrypt($secret) { return bcrypt('secret'); } in your php file you can call this url via curl or ajax, will generate the encrypted code perfectly.

I managed to solve, in that case it was some mistake with the logica I was using, simplifying it to a simple if and a salt generated with bcrypt managed to encrypt the password field.schema.pre('save', function(next) { if(this.passwd) { var salt = bcrypt.genSaltSync(10) this.passwd = bcrypt.hashSync(this.passwd, salt) } next() });

jBCrypt is simply an algorithm implementation http://pt.wikipedia.org/wiki/Bcrypt so that:There is no bug in this implementation ( https://github.com/josephw/jBCrypt/issues ); and:No vulnerability has been discovered in this algorithm (it was not).Then you can say he's still safe.The fact that it has not been updated two years ago does not mean anything in this case, only that the system has been completed, complies well with its purpose, and there is nothing else to do. It would be interesting that he was peer review by people with experience in cryptographic systems, but in the absence of this, we only have the fact that there was no evidence of any problems. .As for alternatives, I do not know specific implementations, but the bcrypt algorithm is one of the most recommended (the others being http://en.wikipedia.org/wiki/PBKDF2 and http://en.wikipedia.org/wiki/Scrypt ). See https://pt.stackoverflow.com/q/2402/215 for more details about these algorithms (and the hash process in general).

From what I noticed, you are not generating the password hash typed by the user again during login.Change the following line:if($userRow['PASSWORD']==$upass) To:if($userRow['PASSWORD']==crypt($upass)) Remembering that Blowfish works with a processing cost parameter. So, you need to apply the same cost you are applying at the time of registering the user.

I found the solution, generate a Jump static passing a String:public static String salt = "string aleatória"; Or do not make the hash during login:public Result fazLogin() { DynamicForm formulario = formularios.form().bindFromRequest(); String email = formulario.get("email"); String senha = formulario.get("senha"); Optional<Usuario> possivelUsuario = usuarioDAO.comEmail(email); if (possivelUsuario.isPresent()) { Usuario usuario = possivelUsuario.get(); if (usuario.isVerificado() && BCrypt.checkpw(senha, usuario.getSenha())) { session(AUTH, usuario.getEmail()); flash("success", "Login foi efetuado com sucesso!"); return redirect(routes.UsuarioController.painel()); } else if(!usuario.isVerificado()){ flash("warning", "Usuario ainda nao confirmado! Confirma seu email!"); } } else { flash("danger", "Credenciais invalidas!"); } return redirect(routes.UsuarioController.formularioDeLogin()); }

in PHP<?php /** * Note that the salt here is randomly generated. * Never use a static salt or one that is not randomly generated. * * For the VAST majority of use-cases, let password_hash generate the salt randomly for you */ $options = [ 'cost' => 11, 'salt' => mcrypt_create_iv(22, MCRYPT_DEV_URANDOM), ]; echo password_hash("rasmuslerdorf", PASSWORD_BCRYPT, $options)."\n"; ?> In Java http://www.mindrot.org/projects/jBCrypt/ // Hash a password for the first time String hashed = BCrypt.hashpw(password, BCrypt.gensalt()); // gensalt's log_rounds parameter determines the complexity // the work factor is 2**log_rounds, and the default is 10 String hashed = BCrypt.hashpw(password, BCrypt.gensalt(12)); // Check that an unencrypted password matches one that has // previously been hashed if (BCrypt.checkpw(candidate, hashed)) System.out.println("It matches"); else System.out.println("It does not match"); can be the different jump so I'm putting how to change the jump from 2.Source https://stackoverflow.com/questions/20953553/how-to-have-the-same-password-compatible-with-both-java-and-php The normal bcrypt will not result in what you search natively but jBcrypt can bring you to look at the stack in English brings you the rest of the answer.

O beforeUpdate depends on how the update is performed, because it only works on instance.save() or instance.update(values).To model.update(values, options) Use beforeBulkUpdate.

It would have to be the method save inside for For change the password:public function recadastroSenha(){ $users = User::whereRaw("flag_del = 0 ")-&gt;get(); foreach($users as $user){ $senha = "senha123"; $user-&gt;password = bcrypt($senha); $user-&gt;save(); } }

Your code seems right to me. I don't know that specific library (I've got that workFactor was used as parameter of GenerateSalt, and not of HashPasswordbut (and as seen in the table above, a weak password is beyond salvation by any hash, so make sure that passwords - especially admin - have minimum security parameters)

The problem is that findByIdAndUpdate, as well as most family functions update of the mongoose, do not instance Model and therefore do not perform:defaultssettersvalidatorsmiddlewareThere is a note about this at the end of the method documentation findByIdAndUpdate [1]. The recommended is to replace with:Model.findById(id, function (err, doc) { if (err) .. doc.name = 'jason borne'; doc.save(callback); }) Of course, there you are doing two queries and stay at your discretion whether this is a problem or not. I suppose when you're updating the user, you've already autenticouated it and therefore you already have your document in memory. In that case, you would not have to give this find, just sort out a way to split the instance used in authentication with the route.Using passport, in general, there is an instance of the document (or whatever is passed to passport.deserializeUser na propriedadereq.user.[1] - http://mongoosejs.com/docs/api.html#model_Model.findByIdAndUpdate

On the mob being evident to an attacker: in fact this does not mean anything. The security of your system lies in the difficulty of attacking, not in the difficulty of discovering which algorithm was used. For starters, any algorithm that has a faster attack than brute force is broken and should not be used.Among the algorithms that have no easy attack, that is, they are only broken by brute force, security increases when more costly (in time and money) is to make this brute force. And that's where more time-consuming hash algorithms take advantage over the quick hashes: an MD5 was created so that it was quickly calculated, and being "calculated quickly" is bad for safety.Of the 3 algorithms you mention, we can analyze:PBKDF2 : the number of iterations is configurable, i.e. you can make it take longer to be processed. But since it requires few circuits for its processing and little RAM, it is possible to use video cards (GPUs) or programmable/optimized circuits (such as ASICs). In this way it is possible to make a low-cost attack.BCrypt: as it makes a more intense use of RAM memory, the cost / difficulty of making a specific hardware to attack it is higher. In this way, it is more securo than PBKDF2. And he is in use already has some time, which means that his safety has already been tested and has not yet been broken. Only that the amount of RAM it uses is not yet gigantic, and therefore the cost of building hardware to break it is greater than that of PBKDF2, but it is not as large as that of SCrypt.SCrypt: SCrypt requires a large amount of memory for its calculation (nothing that a common PC or a server cannot make available, but large enough to hinder the use of GPUs or dedicated hardware). Since it's a newer algorithm, it hasn't spent the same time as BCrypt being tested in real life, and so it may be that it has some undiscovered failure yet.A rule to see what is most suitable for your application: what would be the interest of someone investing money to break the security of your application? If it's something so valuable (e.g. bank security or bitcoins), use the most expensive solution for the attacker (Scrypt). If you only need reasonable security, PBKDF2 or BCrypt will be more than enough.

It seems to me that the problem is that you are not inside the folder that has the go.mod by compiling your code.Supposing I have a project with the following structure:playground |_src | |_main.go |_go.mod And try to run the project out of the folder playground with go run playground/src/main.go, I would receive the error:playground\main.go:6:2: no required module provides package golang.org/x/crypto/bcrypt: go.mod file not found in current directory or any parent directory; see 'go help modules' For the compiler could not find go.mod, and therefore do not know the meta-information bcrypt (like the version).Now if I enter into the folder with cd playground and then rolled go run src/main.go, the design compiles and runs perfectly.

I suggest this edition:userSchema.pre('save', async function () { if (this.isModified('password')) { this.password = await User.hash(this.password) } }) userSchema.statics.hash = function(password) { return bcrypt.hash(password, 10) } userSchema.methods.matchesPassword = function(this, password) { return bcrypt.compare(password, this.password) } // ... const user = await User.findOne({ email }) if (!(await user.matchesPassword(password))) { throw new Error('Senha Incorreta') }