将Python生成的哈希与Java中的原始密码进行比较时，盐修订版无效 [英] Invalid salt revision when comparing Python generated hash with raw password in Java

问题描述

因此，我创建了一个数据库，用于存储用户信息及其哈希密码，该密码使用模块使用 Python 脚本进行哈希.

So I've created a database which stores user information and their hashed password, which is hashed using a Python script using the bcrypt module.

现在使用我的Java客户端登录，我正在使用JBCrypt库作为IntelliJ项目中的Maven依赖项包括在内.它检索哈希值，并且数据库连接工作正常，唯一的问题是它引发此错误:

Now to login using my Java client, I am using the JBCrypt library included as a Maven dependency in my IntelliJ project. It retrieves the hash and the database connection works perfectly, the only issue is that it throws this error:

Exception in thread "AWT-EventQueue-0" java.lang.IllegalArgumentException: Invalid salt revision
    at org.mindrot.jbcrypt.BCrypt.hashpw(BCrypt.java:671)
    at org.mindrot.jbcrypt.BCrypt.checkpw(BCrypt.java:763)
    at mypackage.Login.validateUser(Login.java:81)
    at mypackage.Login.actionPerformed(Login.java:63)
    at java.desktop/javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:1967)
    at java.desktop/javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2308)
    at java.desktop/javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:405)
    at java.desktop/javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:262)
    at java.desktop/javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:269)
    at java.desktop/java.awt.Component.processMouseEvent(Component.java:6578)
    at java.desktop/javax.swing.JComponent.processMouseEvent(JComponent.java:3343)
    at java.desktop/java.awt.Component.processEvent(Component.java:6343)
    at java.desktop/java.awt.Container.processEvent(Container.java:2259)
    at java.desktop/java.awt.Component.dispatchEventImpl(Component.java:4961)
    at java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2317)
    at java.desktop/java.awt.Component.dispatchEvent(Component.java:4793)
    at java.desktop/java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4904)
    at java.desktop/java.awt.LightweightDispatcher.processMouseEvent(Container.java:4539)
    at java.desktop/java.awt.LightweightDispatcher.dispatchEvent(Container.java:4480)
    at java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2303)
    at java.desktop/java.awt.Window.dispatchEventImpl(Window.java:2758)
    at java.desktop/java.awt.Component.dispatchEvent(Component.java:4793)
    at java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:766)
    at java.desktop/java.awt.EventQueue.access$500(EventQueue.java:97)
    at java.desktop/java.awt.EventQueue$3.run(EventQueue.java:717)
    at java.desktop/java.awt.EventQueue$3.run(EventQueue.java:711)
    at java.base/java.security.AccessController.doPrivileged(Native Method)
    at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:89)
    at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:99)
    at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:739)
    at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:737)
    at java.base/java.security.AccessController.doPrivileged(Native Method)
    at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:89)
    at java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:736)
    at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:199)
    at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:124)
    at java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:113)
    at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:109)
    at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
    at java.desktop/java.awt.EventDispatchThread.run(EventDispatchThread.java:90)

检查代码如下:

String dbHash = results.getString("password");
System.out.println(dbHash);
boolean result = BCrypt.checkpw(new String(passwordField.getPassword()), dbHash);

编辑:来自Python模块脚本的哈希密码和原始密码的示例如下:

An example of the hashed password and raw password from the Python module script is as follows:

Raw:    zO/15;w|c'*uftH)
Hashed: $2b$12$7Y4ZmORuoH0dziYSg8dpd.PfvWQx2QPcoiRoGWg.HKfhuN6evEZnO

****我注意到这是因为JBCrypt似乎不支持大于$2a哈希的任何东西.我找不到Python的bcrypt模块文档，所以无法确定是否可以在Python代码中使用$2a哈希.

** ** I have noticed it is because JBCrypt does not seem to support anything greater than $2a hashes. I cannot find the bcrypt module documentation for Python so I cannot determine if I can use a $2a hash in the Python code.

推荐答案

问题是JBCrypt的问题.它已经过时了(它只能验证$2a哈希.

The problem was an issue with JBCrypt. It is outdated (it can verify only $2a hashes.

因此，要解决此问题，我必须更改Python脚本以生成使用$2a前缀的salt:

Therefore to fix this, I had to change the Python script to generate a salt which uses a $2a prefix:

可调前缀

bcrypt的另一个功能是可调 前缀，可让您定义与哪些库保持兼容. 要对此进行调整，请将2a或2b(默认值)传递给 bcrypt.gensalt(prefix = b"2b")作为字节对象.

Another one of bcrypt’s features is an adjustable prefix to let you define what libraries you’ll remain compatible with. To adjust this, pass either 2a or 2b (the default) to bcrypt.gensalt(prefix=b"2b") as a bytes object.

https://pypi.python.org/pypi/bcrypt/3.1.0

这篇关于将Python生成的哈希与Java中的原始密码进行比较时，盐修订版无效的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！