Using bcrypt-ruby to validate hashed passwords using version $2y
Question
We're in a bit of a bind where we need to use Ruby to auth users against an existing db of users. The users' passwords were all generated using the password_compat PHP library. All the hashed passwords start with $2y.
I've been using bcrypt-ruby to try and authenticate the users and I haven't found any success.
#This user's password is "password"
irb(main):041:0> g = BCrypt::Password.new("$2y$10$jD.PlMQwFSYSdu4imy8oCOdqKFq/FDlW./x9cMxoUmcLgdvKCDNd6")
=> "$2y$10$jD.PlMQwFSYSdu4imy8oCOdqKFq/FDlW./x9cMxoUmcLgdvKCDNd6"
irb(main):042:0> g == "password"
=> false
irb(main):044:0> g.version
=> "2y"
irb(main):045:0> g.cost
=> 10
irb(main):046:0> g.salt
=> "$2y$10$jD.PlMQwFSYSdu4imy8oCO"
irb(main):047:0> g.hash
=> -219334950017117414
I'm not very experienced with bcrypt or encryption in general. Can bcrypt-ruby handle $2y? I looked through the source and I don't think it can. Is this the fault of the underlying OS (I'm using OS X)?
Answer
Yes, bcrypt-ruby can handle passwords hashed with 2y. You just need to replace the 2y by 2a:
irb(main):002:0> BCrypt::Password.new("$2a$10$jD.PlMQwFSYSdu4imy8oCOdqKFq/FDlW./x9cMxoUmcLgdvKCDNd6") == "password"
=> true
This is necessary as bcrypt-ruby seems to follow Solar Designer's first suggestion to introduce just 2x for backward-compatible support for the "sign extension bug":
[…] I am considering keeping support for the broken hashes under another prefix - say, "$2x$" (where the "x" would stand for "sign eXtension bug") instead of the usual "$2a$".
Later he proposed to also introduce the 2y prefix for a better distinction between the three versions:
One idea is to allocate yet another prefix, which will mean the same thing as 2a, but "certified" as passing a certain specific test suite (which will include 8-bit chars). So we'll have:
2a - unknown correctness (may be correct, may be buggy)
2x - sign extension bug
2y - definitely correct
Newly set/changed passwords will be getting the new prefix.
PHP supports 2a, 2x, and 2y, while bcrypt-ruby supports only 2a and 2x. But if you know your implementation doesn't have the "sign extension bug", you can just replace 2y by 2a, as 2y means the same thing as 2a.
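A way to apply the prefix swap in application code, as an added example that is not part of the answer and not bcrypt-ruby's own API: it parses the modular-crypt string, rewrites only a $2y$ prefix to $2a$ for the comparison copy (the stored value is left as it is), leaves $2a$ and $2x$ untouched because bcrypt-ruby already recognises them, and rejects anything that is not a bcrypt string. The function names parse_bcrypt, normalize_for_bcrypt_ruby and password_matches? are my own, and the :salt field returned here is the bare 22 characters rather than the prefixed value bcrypt-ruby's Password#salt returns. The swap is only valid under the caveat the answer gives, that the Ruby side is free of the sign extension bug.

```ruby
# Added example (not from the answer or from bcrypt-ruby): verify a PHP
# password_hash() "$2y$" string with bcrypt-ruby by rewriting the prefix to
# "$2a$" for the comparison only. Function names are my own.
begin
  require 'bcrypt'
rescue LoadError
  # Without the gem, parsing and prefix rewriting still work; only
  # password_matches? needs BCrypt.
end

# Modular-crypt bcrypt layout: $<version>$<2-digit cost>$<22-char salt><31-char digest>
BCRYPT_FORMAT = /\A\$(2[axy])\$(\d{2})\$([.\/A-Za-z0-9]{53})\z/

# Split a bcrypt string into its fields. The :salt here is the bare 22
# characters; bcrypt-ruby's own Password#salt returns it with the prefix.
def parse_bcrypt(stored)
  m = BCRYPT_FORMAT.match(stored)
  raise ArgumentError, "not a bcrypt hash: #{stored.inspect}" unless m
  version, cost, body = m.captures
  { version: version, cost: cost.to_i, salt: body[0, 22], digest: body[22, 31] }
end

# "$2y$" means the same as a correct "$2a$", so swap the prefix for bcrypt-ruby.
# "$2a$" and "$2x$" are already understood and are returned untouched.
def normalize_for_bcrypt_ruby(stored)
  parts = parse_bcrypt(stored)
  return stored unless parts[:version] == '2y'
  stored.sub(/\A\$2y\$/, '$2a$')
end

# Compare a candidate password against the stored hash (PHP or Ruby origin).
# The database value is never modified; only the copy used for comparison is.
def password_matches?(stored, candidate)
  raise LoadError, 'bcrypt gem is required for verification' unless defined?(BCrypt)
  BCrypt::Password.new(normalize_for_bcrypt_ruby(stored)) == candidate
end

# Constructed usage with the hash from the question (its password is "password").
if __FILE__ == $PROGRAM_NAME
  stored = '$2y$10$jD.PlMQwFSYSdu4imy8oCOdqKFq/FDlW./x9cMxoUmcLgdvKCDNd6'
  puts parse_bcrypt(stored).inspect
  puts normalize_for_bcrypt_ruby(stored)
  puts password_matches?(stored, 'password') if defined?(BCrypt)
end
```

Because the rewrite happens on the comparison copy, the same function works for rows written by PHP ($2y$) and rows written later by bcrypt-ruby ($2a$) without touching the database.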