Node.js中的$ 2y bcrypt哈希值 [英] $2y bcrypt hashes in Node.js

查看:317
本文介绍了Node.js中的$ 2y bcrypt哈希值的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在使用 $ 2y 哈希来处理旧数据库。我已经挖了一下这个,也偶然发现堆栈溢出 $ 2a $ 2y 之间的差异。

I'm dealing with an old database with $2y hashes. I've dug into this a bit, also stumbled on the stack overflow on the difference between $2a and $2y.

我查看了节点模块 bcrypt 似乎只生成并比较 $ 2a 哈希。

I looked into the node module for bcrypt which seems to generate and compare only $2a hashes.

  • https://github.com/ncb000gt/node.bcrypt.js/issues/175
  • https://github.com/ncb000gt/node.bcrypt.js/issues/349
  • https://github.com/ncb000gt/node.bcrypt.js/issues/213

我找到了一个网站在生成 $ 2y 哈希,所以我可以用 bcrypt 测试它们。

I found a website that generates $2y hashes so I can test them with bcrypt.

  • http://aspirine.org/htpasswd_en.html

以下是字符串<$ c的 $ 2y 哈希的示例$ c> helloworld 。

Here's an example of a $2y hash of the string helloworld.

helloworld:$2y$10$tRM7x9gGKhcAmpeqKEdhj.qRWCr4qoV1FU9se0Crx2hkMVNL2ktEW

似乎模块无法验证 $ 2y 哈希值。

Seems the module has no way of validating $2y hashes.

这是我的测试。

var Promise = require('bluebird')
var bcrypt = require('bcrypt')

var string = 'helloworld'

Promise.promisifyAll(bcrypt)

// bcrypt.genSalt(10, function(err, salt) {
//   bcrypt.hash(string, salt, function(err, hash) {
//     console.log(hash)
//   })
// })

var hashesGeneratedUsingBcryptModule = [
  '$2a$10$6ppmIdlNEPwxWJskPaQ7l.d2fblh.GO6JomzrcpiD/hxGPOXA3Bsq',
  '$2a$10$YmpoYCDHzdAPMbd9B8l48.hkSnylnAPbOym367FKIEPa0ixY.o4b.',
  '$2a$10$Xfy3OPurrZEmbmmO0x1wGuFMdRTlmOgEMS0geg4wTj1vKcvXXjk06',
  '$2a$10$mYgwmdPZjiEncp7Yh5UB1uyPkoyavxrYcOIzzY4mzSniGpI9RbhL.',
  '$2a$10$dkBVTe2A2DAn24PUq1GZYe7AqL8WQqwOi8ZWBJAauOg60sk44DkOC'
]

var hashesGeneratedUsingAspirineDotOrg = [
  '$2y$10$MKgpAXLJkwx5tpijWX99Qek2gf/irwvp5iSfxuFoDswIjMIbj2.Ma',
  '$2y$10$tRM7x9gGKhcAmpeqKEdhj.qRWCr4qoV1FU9se0Crx2hkMVNL2ktEW'
]

var hashesGeneratedUsingAspirineDotOrgSwippedYForA = [
  '$2a$10$MKgpAXLJkwx5tpijWX99Qek2gf/irwvp5iSfxuFoDswIjMIbj2.Ma',
  '$2a$10$tRM7x9gGKhcAmpeqKEdhj.qRWCr4qoV1FU9se0Crx2hkMVNL2ktEW'
]

hashesGeneratedUsingBcryptModule = hashesGeneratedUsingBcryptModule.map(hash => bcrypt.compareAsync(string, hash))
hashesGeneratedUsingAspirineDotOrg = hashesGeneratedUsingAspirineDotOrg.map(hash => bcrypt.compareAsync(string, hash))
hashesGeneratedUsingAspirineDotOrgSwippedYForA = hashesGeneratedUsingAspirineDotOrgSwippedYForA.map(hash => bcrypt.compareAsync(string, hash))

Promise.all(hashesGeneratedUsingBcryptModule)
.tap(() => console.log('hashesGeneratedUsingBcryptModule'))
.then(console.log)

Promise.all(hashesGeneratedUsingAspirineDotOrg)
.tap(() => console.log('hashesGeneratedUsingAspirineDotOrg'))
.then(console.log)

Promise.all(hashesGeneratedUsingAspirineDotOrgSwippedYForA)
.tap(() => console.log('hashesGeneratedUsingAspirineDotOrgSwippedYForA'))
.then(console.log)

以下是结果:

// hashesGeneratedUsingAspirineDotOrg
// [ false, false ]
// hashesGeneratedUsingBcryptModule
// [ true, true, true, true, true ]
// hashesGeneratedUsingAspirineDotOrgSwippedYForA
// [ false, false ]

我对如何在节点中比较 $ 2y 哈希感到困惑。

I'm stumped on how I can compare $2y hashes in node.

另一个Stack Overflow问题/答案说你可以改变 $ 2y $ 2a 但对我来说仍然失败。

There's another Stack Overflow question / answer that says you can just change the $2y to $2a but that still fails for me.

更新!

我正在使用生成器,因为它是 .htpasswd 密码生成器,您必须以此格式输入用户名和密码。

I was using the generator incorrectly because it's a .htpasswd password generator you have to put in the username and password in this format.

reggi helloworld

输出对应于:

reggi:$2y$10$iuC7GYH/h1Gl1aDmcpLFpeJXN9OZXZUYnaqD2NnGLQiVGQYBDtbtO

之前我只需

helloword

我假设哈希是一个空字符串。

Which I'm assuming hashed a empty string.

这些更改将 y 更改为 a 适用于 bcrypt 。并且 twin-bcrypt 正常工作。

With these changes changing the y to an a works in bcrypt. And twin-bcrypt just works.

推荐答案


  • 使用 bcrypt 时将 y 更改为 a

  • 当使用 twin-bcrypt 时,哈希就可以了。

    • When using bcrypt change the y to an a.
    • When using twin-bcrypt the hash just works.

      • 使用 http://aspirine.org/htpasswd_en.html 时请确保您提供了用户名和密码。

      When using http://aspirine.org/htpasswd_en.html make sure that you provide a username and password.

      reggi helloworld

      然后:

      reggi:$2y$10$Am0Nf/B6.S/Wkpr6IVdIZeuHWNa/fqoLyTNmlyrSg22AjRf2vS.T.

      这是一个包含 bcrypt 的工作示例 twin-bcrypt

      Here's a working example with both bcrypt and twin-bcrypt.

      var twinBcrypt = require('twin-bcrypt')
var bcrypt = require('bcrypt')

var string = 'helloworld'

var bcryptAttempt = bcrypt.compareSync(string, "$2y$10$Am0Nf/B6.S/Wkpr6IVdIZeuHWNa/fqoLyTNmlyrSg22AjRf2vS.T.".replace(/^\$2y/, "$2a"))
console.log(bcryptAttempt)

var twinBcryptAttempt = twinBcrypt.compareSync(string, "$2y$10$Am0Nf/B6.S/Wkpr6IVdIZeuHWNa/fqoLyTNmlyrSg22AjRf2vS.T.")
console.log(twinBcryptAttempt)

      输出:

      true
true

      这篇关于Node.js中的$ 2y bcrypt哈希值的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
前端开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆