I have a problem understanding the Blowfish algorithm. I have an app that wants to send login data to the database. The database needs an already encrypted password. The database uses PHP's CRYPT_BLOWFISH to encrypt/decrypt.
My question is, how can I encrypt the data so it is the same way as PHP's Blowfish encryption? I am making apps in Swift, Kotlin and Flutter. I've tried different dependencies that use the Blowfish algorithm, but they don't output the same hash as PHP. The PHP Blowfish is a 60-character string.
The dependencies I've tried:
Dart/Flutter: https://pub.dev/packages/blowfish_ecb
Swift: https://cocoapods.org/pods/BCryptSwift
Thank you in advance.
CodePudding user response:
Expanding on my comment:
You should not be encrypting passwords but rather hashing them. Yes, hashing the same string twice will result in different hashes because of salting. You should not be hashing and comparing in every client you have. If you change ciphers, that’s gonna be a lot of refactoring for you and your company.
If you have many clients (i.e. mobile apps) then they should be communicating with a web server via an API. For authentication, you should probably look at existing solutions such as OAuth rather than sending usernames/emails and passwords in plaintext over the wire (even with HTTPS).
If you use something like OAuth, once a user has authorised access to the client (i.e. your mobile app) then the OAuth server (your web server) will return an OAuth token that you can store securely in the device’s keychain, and use to make subsequent requests to your API authorised as that user. So this is authentication without a user having to enter any credentials or passwords in your app at all.
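Added example, not part of the question or the answer above: a small Python parser for the 60-character string that PHP's CRYPT_BLOWFISH (bcrypt) stores. It shows why a Blowfish ECB library on the client can never reproduce a stored value: the string carries a random per-call salt, so two hashes of one password share only the scheme and cost, and verification has to happen server-side against the stored string. The two sample strings are constructed to fit the format and are not real hashes of any password.

```python
import base64
import re

# bcrypt uses its own base64 alphabet (./A-Za-z0-9), not the RFC 4648 one.
BCRYPT_B64 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
STD_B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

# Modular crypt format: $<2a|2b|2x|2y>$<2-digit cost>$<22-char salt><31-char digest>
_MCF_RE = re.compile(r"^\$(2[abxy])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$")

# Constructed sample strings that fit the format; NOT real bcrypt outputs of any password.
SAMPLE_A = "$2y$10$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZ01234"
SAMPLE_B = "$2y$10$ZYXWVUTSRQPONMLKJIHGFEzyxwvutsrqponmlkjihgfedcba98765"


def parse_bcrypt(mcf: str) -> dict:
    """Split a PHP CRYPT_BLOWFISH string into version, cost, salt and digest fields."""
    m = _MCF_RE.fullmatch(mcf)
    if m is None or len(mcf) != 60:
        raise ValueError("not a 60-character bcrypt string in modular crypt format")
    version, cost, salt, digest = m.groups()
    if not 4 <= int(cost) <= 31:
        raise ValueError(f"cost {cost} outside bcrypt's 04..31 range")
    return {"version": version, "cost": int(cost), "salt": salt, "hash": digest}

def is_bcrypt_string(value: str) -> bool:
    """True only for a well-formed bcrypt string; use it to reject any other 'encrypted' value."""
    try:
        parse_bcrypt(value)
        return True
    except ValueError:
        return False

def decode_bcrypt_b64(text: str) -> bytes:
    """Decode bcrypt's base64 variant; the 22-char salt field yields the 16 random salt bytes."""
    translated = text.translate(str.maketrans(BCRYPT_B64, STD_B64))
    return base64.b64decode(translated + "=" * (-len(translated) % 4))

def salt_bytes(mcf: str) -> bytes:
    """The raw 16-byte salt the server drew when it hashed the password."""
    return decode_bcrypt_b64(parse_bcrypt(mcf)["salt"])

def differing_fields(a: str, b: str) -> list:
    """Fields that differ between two stored hashes. For two hashes of one password this is
    ['salt', 'hash']: the salt is random per call, so the digest differs with it."""
    pa, pb = parse_bcrypt(a), parse_bcrypt(b)
    return [k for k in ("version", "cost", "salt", "hash") if pa[k] != pb[k]]

if __name__ == "__main__":
    print(parse_bcrypt(SAMPLE_A))
    print(salt_bytes(SAMPLE_A).hex(), differing_fields(SAMPLE_A, SAMPLE_B))
```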