Support for programming languages

[logix11]

I am having difficulties confirming whether some programming languages (most notably--PHP) support yescrypt. Can the maintainers of this awesome project give us insights?

[solardiz]

We have native yescrypt code for Go https://pkg.go.dev/github.com/openwall/yescrypt-go https://github.com/openwall/yescrypt-go but in other languages you'd currently access yescrypt by calling the system-provided crypt(3) function (or its corresponding thread-safe alternatives), as long as the system uses recent enough libxcrypt.

PHP used to call the system crypt(3) from its own PHP crypt() function, and perhaps also from password_verify(), when it couldn't recognize the hash type on its own. However, now that I try and test via https://3v4l.org/JdV0s it fails for yescrypt on all versions (and curiously it even segfaults on PHP 4.3.0 to 5.2.17) - I don't know whether this is specific to how that online service is setup (perhaps recent libxcrypt never available in it?) or it just doesn't work anywhere. Someone should try locally on a system with PHP and libxcrypt.

Edit: I just tried on the same Fedora system where the Perl example below works - unfortunately, in PHP it fails. Indeed, the distro-provided php binary isn't even linked against the system's libcrypt here. So maybe no luck calling into the system-provided yescrypt via PHP these days. There's still the option to invoke a separate program written in C, perhaps passing the data via stdin/stdout, or via the environment and stdout.

<?php
echo crypt('openwall', '$y$j9T$AAt9R641xPvCI9nXw1HHW/'), "\n";
echo password_verify('openwall', '$y$j9T$AAt9R641xPvCI9nXw1HHW/$cuQRBMN3N/f8IcmVN.4YrZ1bHMOiLOoz9/XQMKV/v0A'), "\n";
echo password_verify('rasmuslerdorf', '$2y$10$.vGA1O9wmRjrwAVXD98HNOgsNpDczlqm3Jq7KnEd1rVAGv3Fykk1a'), "\n";

$ php yescrypt-test.php 
$y6rtnfhVV7JI

1

(The last line is a successful test with bcrypt, to make show what a successful check would have looked like.)

Here's a working example I have with Perl on Fedora:

#!/usr/bin/perl
print crypt('openwall', '$y$j9T$AAt9R641xPvCI9nXw1HHW/'), "\n";

$ ./yescrypt-test.pl 
$y$j9T$AAt9R641xPvCI9nXw1HHW/$cuQRBMN3N/f8IcmVN.4YrZ1bHMOiLOoz9/XQMKV/v0A

If your company or organization is in a position to fund the effort, we'd like to try and get native yescrypt support into upstream PHP proper, including into its modern password_hash / password_verify API. There's already our MD5 and bcrypt code in PHP, so we have positive experience contributing to PHP.

[logix11]

Understood, mister @solardiz. I will write a simple bash script with pipes and ensure that this process is secure enough.
As for funding, I do not think (we) can (currently) afford to fund it; however, I will keep your suggestion in mind, and if (I) see (myself) or (my organization) capable of funding this project, then I will contact the OpenWall organization, Insh'Allah. Be cheerful.
Best regards,
L. M. Oukaci.