如何在MySQL的`encrypt`函数中使用`bcrypt`算法验证密码? [英] How to use `bcrypt` algorithm within `encrypt` function in MySQL for verifying password?
问题描述
我有密码( qwe
)的加密值( $ 2y $ 10 $ zQaDT8hXM4pLmBdwN0xEseda / oKJAQKMKMzUrV8jbs6Epz28BXzBS
)。但是当我正在验证我得到错误的结果哈希值。
I have bcrypted value($2y$10$zQaDT8hXM4pLmBdwN0xEseda/oKJAQKMKMzUrV8jbs6Epz28BXzBS
) of password (qwe
). But when I am verifying I am getting wrong result hash value.
mysql> select '$2y$10$zQaDT8hXM4pLmBdwN0xEseda/oKJAQKMKMzUrV8jbs6Epz28BXzBS' = encrypt('qwe', '$2y$10$zQaDT8hXM4pLmBdwN0xEseda/oKJAQKMKMzUrV8jbs6Epz28BXzBS') as is_valid;
+----------+
| is_valid |
+----------+
| 0 |
+----------+
select encrypt('qwe', '$2y$10$zQaDT8hXM4pLmBdwN0xEseda/oKJAQKMKMzUrV8jbs6Epz28BXzBS') as hash;
+---------------+
| hash |
+---------------+
| $2tBKnsbV2Szg |
+---------------+
md5
正常工作
mysql> select '$1$$.dCRcHz4ApIYzcA0g/qz3/' = encrypt('qwe', '$1$$.dCRcHz4ApIYzcA0g/qz3/') as is_valid;
+----------+
| is_valid |
+----------+
| 1 |
+----------+
谁添加支持
Who to add support of bcrypt
to MySQL?
推荐答案
你不能。 MySQL ENCRYPT()
函数使用操作系统的 crypt()
函数 - 如果您的操作系统不支持bcrypt哈希MySQL也不会支持它们。
You can't. The MySQL ENCRYPT()
function uses the operating system's crypt()
function — if your operating system does not support bcrypt hashes, MySQL will not support them either.
此外,不要使用MySQL ENCRYPT()
函数。正如ircmaxell所指出的,您传递给MySQL查询的任何数据可能会在服务器日志文件中使用,因此将其用于与密码相关的任何内容可能不安全。
Also, do not use the MySQL ENCRYPT()
function. As ircmaxell noted, any data you pass to a MySQL query may end up in server log files, so it's potentially unsafe to use it for anything password-related.
这篇关于如何在MySQL的`encrypt`函数中使用`bcrypt`算法验证密码?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!