Replicate php "password_hash" function

rdvg...@gmail.com

May 3, 2019, 1:11:22 PM
to CodenameOne Discussions
Hi

I have to connect to a web platform that keeps passwords encrypted with the "password_hash()" function of PHP.

How can I encrypt the password in the same way using Codename One?

Thanks for support.

Steve Hannah

May 3, 2019, 1:34:21 PM
to codenameone...@googlegroups.com
You'll generally want to keep the password hashing in your web service as a "black box".  I.e. your client shouldn't know anything about it.  You send the unhashed password from the client to your PHP web service.  Then you can hash that password and compare it to the stored value in PHP.

--
Steve Hannah
Software Developer
Codename One

rdvg...@gmail.com

May 4, 2019, 3:58:40 PM
to CodenameOne Discussions
Thanks for the reply.
In my case, I have a web development in PHP where users are created using the password encryption function ("password_hash").
For communication with mobile devices I have a web service developed in Java.

It sounds logical that you send the user and password to the web service (in Java) and that it validates the password hash.

In PHP, the "password_verify" function is used to compare the password against its hash equivalent.

Do you know of any API in Java that does the right thing?

Shai Almog

May 5, 2019, 12:23:31 AM
to CodenameOne Discussions
Do you mean in the Java server side?
In which server platform?

The way this normally works is that the user logs in using the username/password. Then you get back an authorization token which is a static randomly generated key to access the services in the server. That saves you from needing to pass the username/password to the server. If you have a local password on the device you can use the Bouncy Castle cn1lib which includes hashing functions such as SHA, MD5 etc.
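The server-side flow discussed in this thread (check the submitted password against the hash PHP stored, then hand back a random token), as an added example that is not code from any of the posters or from Codename One. It assumes the PHP site stores bcrypt hashes (strings starting with `$2y$`) and that the Java web service has spring-security-crypto 5.2 or later on its classpath; `LoginService` and its in-memory maps are hypothetical.

```java
// Added example, not code from the thread. Assumption: spring-security-crypto
// 5.2+ is on the classpath and the PHP site stores bcrypt ("$2y$") hashes.
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

public class LoginService {
    // matches() reads the version, cost and salt out of the stored hash string.
    private final BCryptPasswordEncoder bcrypt = new BCryptPasswordEncoder();
    private final SecureRandom random = new SecureRandom();
    // Hypothetical in-memory stores; a real service reads the PHP users table.
    private final Map<String, String> hashByUser = new ConcurrentHashMap<>();
    private final Map<String, String> userByToken = new ConcurrentHashMap<>();

    public void putUser(String user, String phpHash) { hashByUser.put(user, phpHash); }

    /** Returns an opaque random token on success, empty on any failure. */
    public Optional<String> login(String user, String password) {
        String stored = hashByUser.get(user);
        if (stored == null || !bcrypt.matches(password, stored)) {
            return Optional.empty(); // same answer for unknown user and bad password
        }
        byte[] raw = new byte[32]; // 256 bits from a CSPRNG
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        userByToken.put(token, user);
        return Optional.of(token);
    }

    /** Later requests carry only the token, never the password. */
    public Optional<String> userForToken(String token) {
        return Optional.ofNullable(userByToken.get(token));
    }

    public static void main(String[] args) {
        LoginService svc = new LoginService();
        // Constructed sample hash in the "$2y$10$..." layout PHP's bcrypt uses.
        String sample = new BCryptPasswordEncoder(
                BCryptPasswordEncoder.BCryptVersion.$2Y, 10).encode("correct horse");
        svc.putUser("alice", sample);
        Optional<String> token = svc.login("alice", "correct horse");
        System.out.println("login ok: " + token.isPresent());
        System.out.println("wrong password ok: " + svc.login("alice", "nope").isPresent());
        System.out.println("token maps to: " + svc.userForToken(token.orElse("")));
    }
}
```

The mobile client sends the password once over TLS and stores only the returned token; the hash string never leaves the server.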