
With the crypt() function in a C program, I got the following hash for the password "toto": $6$QSX8hjVa$Oj9IAu50jSsAAm62MOo63Ea4p1o8DC0zcR6I8N5f4jRgE0Bv0WRFEJwO4hGxAAMyOF2ON5Dwze2InWV9nDWVm1

However, when using the following code, I get an error:

```go
package main

import (
    "fmt"

    "golang.org/x/crypto/bcrypt"
)

func main() {
    hashToCrack := "$6$QSX8hjVa$Oj9IAu50jSsAAm62MOo63Ea4p1o8DC0zcR6I8N5f4jRgE0Bv0WRFEJwO4hGxAAMyOF2ON5Dwze2InWV9nDWVm1"
    // Prints the error returned by the comparison (shown below).
    fmt.Println(bcrypt.CompareHashAndPassword([]byte(hashToCrack), []byte("toto")))
}
```

```
$ go run main.go
crypto/bcrypt: bcrypt algorithm version '6' requested is newer than current version '2'
```

Using bcrypt with the $6$ ID is necessary in my project (more details in comments), but the bcrypt package doesn't seem to support this version. Is there an alternative way, or am I misusing the package?

hacb
  • To add more context, I finished a school project where I had to bruteforce $6$ hashes with a C program, and I would like to compare performances with a Go program with goroutines, based on the same hashes. – hacb Nov 27 '20 at 20:37
  • `$6$` is not bcrypt but sha512crypt. See [man crypt](https://manpages.debian.org/unstable/libcrypt-dev/crypt.5.en.html). – Steffen Ullrich Nov 27 '20 at 21:06

1 Answer

-1

Using the package github.com/tredoe/osutil/user/crypt/sha512_crypt solved my issue.

```
$ go get github.com/tredoe/osutil/user/crypt/sha512_crypt
```

```go
package main

import (
    "fmt"
    "strings"

    "github.com/tredoe/osutil/user/crypt/sha512_crypt"
)

func main() {
    hashToCrack := "$6$QSX8hjVa$Oj9IAu50jSsAAm62MOo63Ea4p1o8DC0zcR6I8N5f4jRgE0Bv0WRFEJwO4hGxAAMyOF2ON5Dwze2InWV9nDWVm1"
    c := sha512_crypt.New()
    // Hash the candidate password with the salt taken from the target hash.
    hash, err := c.Generate([]byte("toto"), []byte("$6$QSX8hjVa$"))
    if err != nil {
        panic(err)
    }

    fmt.Println(strings.Compare(hashToCrack, hash)) // prints 0 because they are the same
}
```

```
$ go run main.go
0
```

As Steffen Ullrich mentioned in the comments, $6$ is not bcrypt but sha512crypt, as we can see in the crypt man page.

The hash variable contains the hashed password, so I can compare a hashed value with this.

hacb
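Added example, not part of the original posts or of either package named above: a standard-library parser that reads the crypt(5) prefix to name the scheme before a verifier is chosen, which is the check that identifies the `$6$` hash in the question as sha512crypt rather than bcrypt. It goes beyond the `$6$` case to cover the `$1$`, `$2a$`/`$2b$`/`$2y$` and `$5$` prefixes; the names `CryptHash`, `schemes` and `ParseCryptHash` are hypothetical.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// CryptHash holds the fields of a crypt(5) string: $id$[rounds=N$]salt$digest.
type CryptHash struct {
	Scheme, Salt, Digest string
	Rounds               int // sha256crypt/sha512crypt only; 5000 when not stated
}

// schemes maps crypt(5) prefix ids to the algorithm that actually produced the hash.
var schemes = map[string]string{
	"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
	"5": "sha256crypt", "6": "sha512crypt",
}

// ParseCryptHash names the scheme and, for $5$/$6$, splits rounds, salt and digest.
func ParseCryptHash(h string) (CryptHash, error) {
	parts := strings.Split(h, "$")
	if len(parts) < 4 || parts[0] != "" || schemes[parts[1]] == "" {
		return CryptHash{}, fmt.Errorf("malformed hash or unknown crypt(5) id")
	}
	out := CryptHash{Scheme: schemes[parts[1]]}
	if parts[1] != "5" && parts[1] != "6" {
		return out, nil // other layouts (e.g. bcrypt's cost field) are not split here
	}
	out.Rounds = 5000
	fields := parts[2:]
	if strings.HasPrefix(fields[0], "rounds=") {
		n, err := strconv.Atoi(strings.TrimPrefix(fields[0], "rounds="))
		if err != nil {
			return CryptHash{}, fmt.Errorf("bad rounds field: %w", err)
		}
		out.Rounds, fields = n, fields[1:]
	}
	if len(fields) != 2 {
		return CryptHash{}, fmt.Errorf("expected salt$digest, got %d fields", len(fields))
	}
	out.Salt, out.Digest = fields[0], fields[1]
	return out, nil
}

func main() {
	fmt.Println(ParseCryptHash("$6$QSX8hjVa$Oj9IAu50jSsAAm62MOo63Ea4p1o8DC0zcR6I8N5f4jRgE0Bv0WRFEJwO4hGxAAMyOF2ON5Dwze2InWV9nDWVm1"))
}
```

Running it on the hash from the question reports `sha512crypt` with salt `QSX8hjVa` and the default 5000 rounds.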