sha512-crypt mysql and dovecot


Question

I have a question about understanding sha512-crypt hashing. I found this tutorial to set up dovecot and postfix with mysql. I followed the tutorial (with slight modifications) and everything works fine. But there is one thing, that I do not understand:

To add a user, I should use:

INSERT INTO `mailserver`.`virtual_users`
  (`id`, `domain_id`, `password` , `email`)
VALUES
  ('1', '1', ENCRYPT('firstpassword', CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))),    'email1@example.com'),
  ('2', '1', ENCRYPT('secondpassword', CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))), 'email2@example.com');

And again, this works perfectly fine, i.e. I can log in with my password (and only my password) to dovecot. But why? If I see it right, it encrypts the password with a random salt, but it doesn't save it anywhere. So hashing the same password twice gives me 2 different hashes (I tried it). So my question boils down to: Could I get a brief explanation of sha-512 (which I couldn't find online) and an explanation as to why these lines work?

Thanks in advance.

Recommended answer

The salt is saved as part of the password. For example calling:

ENCRYPT('firstpassword', CONCAT('$6$', 'FooBarBaz')) 

gives

$6$FooBarBaz$.T.G.7FRJqZ6N2FF7b3BEkr5j37CWhwgvPOOoccrr0bvkBbNMmLCxzqQqKJbNhnhC.583dTBLEuZcDuQe7NEe.

This stores both the algorithm used (6 being SHA512) and the salt ('FooBarBaz'), both delineated by $.

To check a password you can use:

password = ENCRYPT('user_input', `password`)

ENCRYPT will grab the salt from the stored password and use this when checking user_input.

Full credit to hek2mgl for the password check he detailed in this answer.
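
The following script is an added example, not part of the original question or answer. It shows the stored value carrying its own salt and the check from the answer succeeding only for the right password. The `demo_users` table and its rows are constructed for illustration, and the script assumes a server where `ENCRYPT()` is available (it wraps the system `crypt()` and was removed in MySQL 8.0.3; MariaDB still provides it).

```sql
-- Constructed demo table (hypothetical; the tutorial's virtual_users has more columns).
CREATE TEMPORARY TABLE demo_users (
  email    VARCHAR(100) PRIMARY KEY,
  password VARCHAR(150) NOT NULL
);

-- Same insert pattern as in the question: '$6$' plus 16 random hex characters.
-- Both rows use the SAME password on purpose.
INSERT INTO demo_users (email, password) VALUES
  ('email1@example.com',
   ENCRYPT('firstpassword', CONCAT('$6$', SUBSTRING(SHA(RAND()), -16)))),
  ('email2@example.com',
   ENCRYPT('firstpassword', CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))));

-- Split each stored value on '$'. The layout is $<scheme id>$<salt>$<digest>,
-- so the salt was saved after all: it is the third '$'-separated field.
-- The two rows show different salts and therefore different digests.
SELECT email,
       SUBSTRING_INDEX(SUBSTRING_INDEX(password, '$', 2), '$', -1) AS scheme_id,
       SUBSTRING_INDEX(SUBSTRING_INDEX(password, '$', 3), '$', -1) AS salt,
       SUBSTRING_INDEX(password, '$', -1)                          AS digest
FROM demo_users;

-- Verification as described in the answer: pass the whole stored value as the
-- salt argument. crypt() reads '$6$<salt>$' from it and ignores the rest, so
-- the candidate is hashed with the row's own salt and compared to the stored value.
SELECT email,
       password = ENCRYPT('firstpassword', password) AS correct_password,  -- 1
       password = ENCRYPT('wrongpassword', password) AS wrong_password     -- 0
FROM demo_users;

-- Shape of a login lookup: a row is returned only when the password matches.
SELECT email
FROM demo_users
WHERE email = 'email1@example.com'
  AND password = ENCRYPT('firstpassword', password);
```

Because the candidate password appears literally in these statements, it can be recorded in server query logs; computing the hash in the application and sending only the result avoids that.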
