sha512-crypt mysql和dovecot [英] sha512-crypt mysql and dovecot
问题描述
我有一个有关理解sha512-crypt哈希的问题.我发现此教程可以设置dovecot和postfix MySQL的.我遵循了该教程(进行了少量修改),并且一切正常.但是有一件事,我不明白:
I have a question about understanding sha512-crypt hashing. I found this tutorial to set up dovecot and postfix with mysql. I followed the tutorial (with slight modifications) and everything works fine. But there is one thing, that I do not understand:
要添加用户,我应该使用:
To add a user, I should use:
INSERT INTO `mailserver`.`virtual_users`
(`id`, `domain_id`, `password` , `email`)
VALUES
('1', '1', ENCRYPT('firstpassword', CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))), 'email1@example.com'),
('2', '1', ENCRYPT('secondpassword', CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))), 'email2@example.com');
再次,这非常正常,即我可以使用密码(只有密码)登录鸽舍.但为什么?如果我看对了,它会使用随机盐加密密码,但不会将其保存在任何地方.因此,对同一密码进行两次哈希运算会给我2个不同的哈希值(我尝试过).所以我的问题可以归结为: 我能否简要解释一下sha-512(我在网上找不到)以及有关这些行为何起作用的解释?
and again, this works perfectly fine, i.e. I can log in with my password (and only my password) to dovecot. But why? If I see it right, it encrypts the password with a random salt, but it doesn't save it anywhere. So hashing the same password twice gives me 2 different hashes (I tried it). So my question boils down to: Could I get a brief explanation of sha-512 (which I couldn't find online) and and explanation as to why these lines work?
已经感谢
推荐答案
将盐保存为密码的一部分.例如调用:
The salt is saved as part of the password. For example calling:
ENCRYPT('firstpassword', CONCAT('$6$', 'FooBarBaz'))
给予
$ 6 $ FooBarBaz $ .T.G.7FRJqZ6N2FF7b3BEkr5j37CWhwgvPOOoccrr0bvkBbNMmLCxzqQqKJbNhnhC.583dTBLEuZcDuQe7NEe.
$6$FooBarBaz$.T.G.7FRJqZ6N2FF7b3BEkr5j37CWhwgvPOOoccrr0bvkBbNMmLCxzqQqKJbNhnhC.583dTBLEuZcDuQe7NEe.
它存储使用的算法(6为SHA512)和盐('FooBarBaz')均被$
偏斜.
This stores both the algorithm used (6 being SHA512) and the salt ('FooBarBaz') both delinated by $
.
要检查密码,您可以使用:
To check a password you can use:
password = ENCRYPT('user_input', `password`)
ENCRYPT
将从存储的密码中抢夺盐,并在检查user_input
时使用它.
ENCRYPT
will grab the salt from the stored password and use this when checking user_input
.
在此答案中详细说明了密码检查,对hek2mgl进行了全额退款.
Full credit to hek2mgl for the password check he detailed in this answer.
这篇关于sha512-crypt mysql和dovecot的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!