Hash password in PHP and verify with Java (PASSWORD_BCRYPT & jBcrypt)

Problem description

I have a question regarding the hashing of password. I am using this on the webpage:

$pw = password_hash($_POST['password'], PASSWORD_BCRYPT);

After that I store this result in the database. With my Java Web Service I want to verify the password. For that I am using this method:

   if (BCrypt.checkpw(password, dbPwd)){
       return Response.ok("ok").build();
   }

dbPwd is the one I stored and password is the password in plain text from the first method. Unfortunately I am receiving this error code:

javax.servlet.ServletException: java.lang.IllegalArgumentException: Invalid salt revision

Update

I found on the internet that there is a "bug": the Java method is using 2y and jBcrypt is using 2a. I tried it with 2a and it works, but how can I fix this / make it work?

Recommended answer

After a lot of digging I found a newer implementation of the jBcrypt library: https://github.com/patrickfav/bcrypt

I use Scala but the concepts are essentially the same and to verify a $2y$ hash I've created a small utility function:

import at.favre.lib.crypto.bcrypt.BCrypt

  /**
    * Verifies a plain-text password against a stored BCrypt hash
    *
    * @link https://github.com/patrickfav/bcrypt
    * @param hash The hashed password (hashed with BCrypt version $2y$)
    * @param password The plain-text password string
    * @return true only if the password matches and the hash is a $2y$ hash
    */
  private def verifyBcryptHash(hash: String, password: String): Boolean = {
    if (hash == null || hash.trim.isEmpty)
      false
    else
      BCrypt
        .verifyer()
        .verifyStrict(
          password.toCharArray(),
          hash.toCharArray(),
          BCrypt.Version.VERSION_2Y
        )
        .verified
  }
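
For the plain-Java jBcrypt setup in the question, the following is an added example (not code from the question or the answer) that relabels a PHP $2y$ hash as $2a$ before calling BCrypt.checkpw, and returns false instead of throwing on malformed stored values. The class name PhpBcryptVerifier is hypothetical, and it assumes, as the asker observed when trying 2a, that jBcrypt's $2a$ routine computes the same digest as PHP's $2y$.

```java
import java.util.regex.Pattern;
import org.mindrot.jbcrypt.BCrypt;

/** Added example (hypothetical class name): verify PHP password_hash() output with jBcrypt. */
public final class PhpBcryptVerifier {

    // Modular crypt format written by PASSWORD_BCRYPT:
    // "$2y$" + two-digit cost (04-31) + "$" + 22-char salt + 31-char digest = 60 chars.
    private static final Pattern PHP_BCRYPT =
            Pattern.compile("^\\$2y\\$(0[4-9]|[12][0-9]|3[01])\\$[./A-Za-z0-9]{53}$");

    private PhpBcryptVerifier() {}

    /** Returns true only if password matches the stored $2y$ hash; never throws. */
    public static boolean verify(String password, String storedHash) {
        if (password == null || storedHash == null) {
            return false;
        }
        String hash = storedHash.trim(); // tolerate stray whitespace, e.g. from fixed-width columns
        if (!PHP_BCRYPT.matcher(hash).matches()) {
            return false; // other scheme, truncated column, empty value, ...
        }
        // jBcrypt rejects the "y" revision ("Invalid salt revision"), so relabel the prefix.
        // Assumption: $2a$ in jBcrypt and $2y$ in PHP yield the same digest.
        String jbcryptHash = "$2a$" + hash.substring(4);
        try {
            return BCrypt.checkpw(password, jbcryptHash);
        } catch (IllegalArgumentException e) {
            return false; // treat any parsing failure as a failed login
        }
    }

    public static void main(String[] args) {
        // Constructed sample: a hash generated locally by jBcrypt and relabelled $2y$
        // to stand in for a value written by PHP's password_hash().
        String phpStyle = "$2y$" + BCrypt.hashpw("correct horse", BCrypt.gensalt(10)).substring(4);
        System.out.println(verify("correct horse", phpStyle));
        System.out.println(verify("wrong password", phpStyle));
        System.out.println(verify("correct horse", "$2y$10$truncated"));
    }
}
```

Keeping the stored hashes as $2y$ and relabelling only in memory means PHP's password_verify continues to accept the same database rows.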
