BCrypt: how can I generate a salt from the string I am hashing?

Question

Short question: I do NOT want to use bcrypt random generated salts. Let's say the password I am hashing is "abcd1234". In the good old days, the salt would be "ab" or "abcd" or "abcd12", in other words, the salt would be the first N characters of the password where N is the required minimum length of a password. So how do I generate a valid bcrypt salt from the password itself?

Long question: I am working with a messaging system, in other words, a message will be sent out internally for authentication and I cannot include the plain-text password in this message for obvious reasons. So the flow should be something like that:

• Machine A gets the password in clear-text
• Machine A hashes the password with bcrypt
• The hashed (ie safe) password is sent in my internal message
• Machine B, which is the authentication machine with the database of hashed passwords, get the message and now it has to compare the hashed password it received with the hashed password in the database for authentication.

But how can I do that if BCrypt does NOT allow me to use a salt derived from my plain-text password? Machine A knows nothing about any salt. It does not have any access to the database. Machine B is the one who will know that. So there must be a way to derive my bcrypt salt from "abcd1234" or bcrypt should have a method:

check(String hashedPasswordWithSaltA, String hashedPasswordWithSaltB);

Putting it down in straightforward terms: Machine A gets the password and Machine B is the one that has the authentication database. I don't want to have to pass the password in clear text from A to B, but it looks like bcrypt forces me to do that. :(

Answer 1

Just transmit the salt with the hashed password. The point of salting a password is so that in a database, two passwords that are the same in plaintext have different hashes. If you generate this salt from the password itself, this logic falls over. Additionally, as for decrypting purposes you have to store the salt in plaintext, you are essentially revealing a chunk of the users password.

TLDR: Let Bcrypt generate salts for you. Then transmit the salts with the hashed password. Salts are not meant to be secret.

Answer 2

You have actually two options to solve this problem.

1) Every website has this problem, because the password must be sent to the server. This is usually solved by using an encrypted connection (HTTPS/SSL). The password will only be encrypted (two-way), transferred to machine2 (server), decrypted and afterwards hashed.

2) You can hash the password on machine1 with BCrypt with a random salt, send it to machine2 and store the hash. To validate the password, machine1 would first have to ask machine2 for the used salt, then it hashes the password with this salt, and afterwards sends the hash to machine2. Machine2 can verify the password because the same salt was used.

I had a quick look at a jBCrypt example , it seems that you can generate the salt yourself and pass it as parameter. So you could actually derrive the salt from the password, but this makes the salt useless, it becomes just a more complex hash function.