bcrypt.CompareHashAndPassword compatible with PHP's password_hash

I have a legacy database with users (data generated by PHP, yii2 framework) and tried to use it in Go for authentication. Stored passwords have prefix $2a$ and also if I generate a new password in Go (bcrypt.GenerateFromPassword) it has the same prefix. However, if I try bcrypt.CompareHashAndPassword I always get password mismatch. Did someone have the same problem?

Resolved. I actually had a bug when migrating data from the legacy MySQL database to Mongo. I used collection model (built inhouse) which had password hash in beforeSave event. This used to hash already hased password, so it broke it.

Yes, they are compatible :slight_smile:

By the way, actually both have $2y$ prefix.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.