Home/ Questions/Q 7007945
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-27T21:40:21+00:00

Given that I know the hashed password, salt & original password generated with Authlogic

  • 0

Given that I know the hashed password, salt & original password generated with Authlogic (ruby on rails gem).

Is it possible in PHP devise a function to check if a users password matches the users Ruby Authlogic hashed_pw in the DB? I need to integrate an existing PHP app with the ruby app without resetting all the Ruby users passwords.

I tried something like below but it didn’t seem to work

function passwordhash($password, $salt)
{
 return hash('sha512', "{$password}:{$salt}");
}
echo passwordhash("orange","NsxUt51YVzK4dFeVJOj");
output: 7b4a69291354dc3591e490f47f29d5a4a4b6d7faa23d01a1ee595b917526b65e2dda48e978c46b81dde0269adc3f853a36c075d236eb89c8f6b21811fe3da1bb

The DB info is

crypted_password 
f777c545bf9844faaa5f3b129e77e4199539793d907e397ddc97d1bb747a30d402201bd11ed9ca0eaecbf3b9652b314aa919d65904c64d4169ce0e1ac1c526a4

password_salt
NsxUt51YVzK4dFeVJOj

real password
orange

It seems like this should be possible what am I missing?

Thanks,
Ryan

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    My perusal of the authlogic code suggests 2 things:

    • It doesn’t use : to separate the password from the salt (i.e. the first string to be digested is orangeNsxUt51YVzK4dFeVJOj
    • It does a sha512 digest on the output of the first process and repeats this process 20 times

    The other thing is that authlogic supports a large number of hashing strategies – make sure that you’re trying to reimplement the correct one! It certainly looks like the 20 fold sha512 is the right one though.

    Link: https://github.com/binarylogic/authlogic/blob/master/lib/authlogic/crypto_providers/sha512.rb

    • 0