$2y bcrypt hashes in Node.js
Question
I'm dealing with an old database with $2y hashes. I've dug into this a bit, also stumbled on the Stack Overflow on the difference between $2a and $2y.
I looked into the node module for bcrypt which seems to generate and compare only $2a hashes.
- https://github.com/ncb000gt/node.bcrypt.js/issues/175
- https://github.com/ncb000gt/node.bcrypt.js/issues/349
- https://github.com/ncb000gt/node.bcrypt.js/issues/213
I found a website that generates $2y hashes so I can test them with bcrypt.
- http://aspirine.org/htpasswd_en.html
Here's an example of a $2y hash of the string helloworld.
helloworld:$2y$10$tRM7x9gGKhcAmpeqKEdhj.qRWCr4qoV1FU9se0Crx2hkMVNL2ktEW
Seems the module has no way of validating $2y hashes.
Here's my test.
var Promise = require('bluebird')
var bcrypt = require('bcrypt')
var string = 'helloworld'
Promise.promisifyAll(bcrypt)
// bcrypt.genSalt(10, function(err, salt) {
// bcrypt.hash(string, salt, function(err, hash) {
// console.log(hash)
// })
// })
var hashesGeneratedUsingBcryptModule = [
'$2a$10$6ppmIdlNEPwxWJskPaQ7l.d2fblh.GO6JomzrcpiD/hxGPOXA3Bsq',
'$2a$10$YmpoYCDHzdAPMbd9B8l48.hkSnylnAPbOym367FKIEPa0ixY.o4b.',
'$2a$10$Xfy3OPurrZEmbmmO0x1wGuFMdRTlmOgEMS0geg4wTj1vKcvXXjk06',
'$2a$10$mYgwmdPZjiEncp7Yh5UB1uyPkoyavxrYcOIzzY4mzSniGpI9RbhL.',
'$2a$10$dkBVTe2A2DAn24PUq1GZYe7AqL8WQqwOi8ZWBJAauOg60sk44DkOC'
]
var hashesGeneratedUsingAspirineDotOrg = [
'$2y$10$MKgpAXLJkwx5tpijWX99Qek2gf/irwvp5iSfxuFoDswIjMIbj2.Ma',
'$2y$10$tRM7x9gGKhcAmpeqKEdhj.qRWCr4qoV1FU9se0Crx2hkMVNL2ktEW'
]
var hashesGeneratedUsingAspirineDotOrgSwippedYForA = [
'$2a$10$MKgpAXLJkwx5tpijWX99Qek2gf/irwvp5iSfxuFoDswIjMIbj2.Ma',
'$2a$10$tRM7x9gGKhcAmpeqKEdhj.qRWCr4qoV1FU9se0Crx2hkMVNL2ktEW'
]
hashesGeneratedUsingBcryptModule = hashesGeneratedUsingBcryptModule.map(hash => bcrypt.compareAsync(string, hash))
hashesGeneratedUsingAspirineDotOrg = hashesGeneratedUsingAspirineDotOrg.map(hash => bcrypt.compareAsync(string, hash))
hashesGeneratedUsingAspirineDotOrgSwippedYForA = hashesGeneratedUsingAspirineDotOrgSwippedYForA.map(hash => bcrypt.compareAsync(string, hash))
Promise.all(hashesGeneratedUsingBcryptModule)
.tap(() => console.log('hashesGeneratedUsingBcryptModule'))
.then(console.log)
Promise.all(hashesGeneratedUsingAspirineDotOrg)
.tap(() => console.log('hashesGeneratedUsingAspirineDotOrg'))
.then(console.log)
Promise.all(hashesGeneratedUsingAspirineDotOrgSwippedYForA)
.tap(() => console.log('hashesGeneratedUsingAspirineDotOrgSwippedYForA'))
.then(console.log)
Here are the results:
// hashesGeneratedUsingAspirineDotOrg
// [ false, false ]
// hashesGeneratedUsingBcryptModule
// [ true, true, true, true, true ]
// hashesGeneratedUsingAspirineDotOrgSwippedYForA
// [ false, false ]
I'm stumped on how I can compare $2y hashes in node.
There's another Stack Overflow question / answer that says you can just change the $2y to $2a but that still fails for me.
Update!
I was using the generator incorrectly because it's a .htpasswd password generator; you have to put in the username and password in this format.
reggi helloworld
The output corresponds to:
reggi:$2y$10$iuC7GYH/h1Gl1aDmcpLFpeJXN9OZXZUYnaqD2NnGLQiVGQYBDtbtO
Before, I was just entering:
helloword
Which I'm assuming hashed an empty string.
With these changes, changing the y to an a works in bcrypt. And twin-bcrypt just works.
Recommended answer
- When using bcrypt change the y to an a.
- When using twin-bcrypt the hash just works.
When using http://aspirine.org/htpasswd_en.html make sure that you provide a username and password.
reggi helloworld
Then:
reggi:$2y$10$Am0Nf/B6.S/Wkpr6IVdIZeuHWNa/fqoLyTNmlyrSg22AjRf2vS.T.
Here's a working example with both bcrypt and twin-bcrypt.
var twinBcrypt = require('twin-bcrypt')
var bcrypt = require('bcrypt')
var string = 'helloworld'
var bcryptAttempt = bcrypt.compareSync(string, "$2y$10$Am0Nf/B6.S/Wkpr6IVdIZeuHWNa/fqoLyTNmlyrSg22AjRf2vS.T.".replace(/^\$2y/, "$2a"))
console.log(bcryptAttempt)
var twinBcryptAttempt = twinBcrypt.compareSync(string, "$2y$10$Am0Nf/B6.S/Wkpr6IVdIZeuHWNa/fqoLyTNmlyrSg22AjRf2vS.T.")
console.log(twinBcryptAttempt)
Output:
true
true
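The prefix rewrite from the answer above can be done with format validation first, so that a malformed or truncated value from a legacy table or .htpasswd file is rejected before it reaches the verifier. This is an added example, not code from the original post or from the bcrypt or twin-bcrypt projects; the helper names parseBcrypt, parseHtpasswdLine and toVerifierHash are hypothetical, and the result is meant to be passed to a compare call such as the bcrypt.compareSync used above.

```javascript
// Added example (hypothetical helper names): validate a bcrypt hash string and
// normalise a $2y prefix to $2a for a verifier that only accepts $2a.

// bcrypt modular crypt format: $<version>$<cost>$<22-char salt><31-char digest>,
// salt and digest written in the bcrypt base64 alphabet "./A-Za-z0-9".
const BCRYPT_RE = /^\$(2[aby])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

function parseBcrypt(hash) {
  const m = BCRYPT_RE.exec(hash);
  if (!m) return null;
  const cost = Number(m[2]);
  if (cost < 4 || cost > 31) return null; // valid bcrypt cost range
  return { version: m[1], cost, salt: m[3], digest: m[4] };
}

// Split a "user:hash" line as produced by .htpasswd generators.
function parseHtpasswdLine(line) {
  const idx = line.indexOf(':');
  if (idx < 0) return null;
  return { user: line.slice(0, idx), hash: line.slice(idx + 1).trim() };
}

// Return a hash string a $2a-only verifier will accept, or throw.
function toVerifierHash(hash) {
  const p = parseBcrypt(hash);
  if (!p) throw new Error('not a well-formed bcrypt hash');
  // Rebuild from the parsed fields instead of String.replace(..., "$2a"):
  // "$" has special meaning in replacement strings, so this avoids relying
  // on how "$2" is interpreted there.
  const version = p.version === '2y' ? '2a' : p.version;
  const cost = String(p.cost).padStart(2, '0');
  return `$${version}$${cost}$${p.salt}${p.digest}`;
}

// Sample input: the .htpasswd line quoted in the answer above.
const entry = parseHtpasswdLine(
  'reggi:$2y$10$Am0Nf/B6.S/Wkpr6IVdIZeuHWNa/fqoLyTNmlyrSg22AjRf2vS.T.');
console.log(entry.user, toVerifierHash(entry.hash));
```
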