Determining the salt from a password_hash()


Problem description

I'm hashing my password with bcrypt (actually with password_compat, since I run php 5.3.10).
I wanted to split the result string of the function into two parts: the salt used and the hash itself. (I know to use password_verify() to verify, well, the password. But I need the hash to use it as a key to encrypt a private key in a broader security system.)

For a given password (abcdef) this is the result:

 $2y$10$ult68Ti4/zEWX4VQ       ....           YCOWjL6

I've altered the function a little bit, to spit out the concat, salt, hash and hash_format.

 // ... from the password_compat password_hash() ..., altered to return the intermediate parts.
 // Wrapped in a function here so the excerpt runs on its own: $salt is the 22-character
 // bcrypt-base64 salt and $hash_format is the "$2y$<cost>$" prefix.
 function hash_parts($password, $salt, $hash_format = '$2y$10$', $required_salt_len = 22) {
     $salt = substr($salt, 0, $required_salt_len);
     $hash = $hash_format . $salt;
     $ret = crypt($password, $hash);
     if (!is_string($ret) || strlen($ret) <= 13) {
         return false;
     }

     return array('concat'      => $ret,
                  'salt'        => $salt,
                  'format'      => $hash_format,
                  'hash_format' => $hash);
 }

I thought the result-hash was a concat of the $hash_format, $salt and the hash... but the last character is different...

                                               _
[concat] =>        $2y$10$oWfFYcNqlcUeGwJM0AFUguSJ5t  .....  SvWG
[salt] =>                 oWfFYcNqlcUeGwJM0AFUgw
[hash_format] =>   $2y$10$oWfFYcNqlcUeGwJM0AFUgw
[format] =>        $2y$10$
                                               ^

As you can see the last character is different in the salt before the crypt function and after the function.

How is this possible?

Solution

The reason why the salt passed to crypt() can differ from the salt returned in the resulting hash value is that BCrypt internally only uses 126 bits of the salt, but the salt passed to the function always contains 128 bits. Since the crypt function expects the salt in a kind of base64 encoding, you cannot pass 126 bits directly.

You can find a more detailed answer here: Why does crypt/blowfish generate the same hash with two different salts?

I understand that you want to use the real hash as a key to encrypt another key; you could extract it from the resulting hash value. This string is always of a certain format, with $ to separate the parts; with BCrypt the real hash is the last 31 characters.

$2y$10$nOUIs5kJ7naTuTFkBy1veuK0kSxUFXfuaOKdOKf9xYT0KKIGSJwFa
 |  |  |                     |
 |  |  |                     hash-value = K0kSxUFXfuaOKdOKf9xYT0KKIGSJwFa
 |  |  |
 |  |  salt = nOUIs5kJ7naTuTFkBy1veu (22 characters)
 |  |
 |  cost-factor = 10 = 2^10 iterations
 |
 hash-algorithm = 2y = BCrypt

Another possibility is to calculate a hash of the whole string (all 60 characters). You could choose an algorithm that returns the required length, e.g. sha256 to get a 256-bit key for MCRYPT_TWOFISH.
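As an added worked example (not code from the question, the answer, or password_compat), the Python below does three things the thread discusses: it splits a bcrypt string into the parts labelled in the diagram above, it reproduces the canonicalization that turned the asker's trailing salt character from w into u, and it derives a 256-bit key from the whole 60-character string as the answer suggests. The bcrypt base64 alphabet, the 16-byte salt and the 23-byte raw hash are standard bcrypt facts; 22 bcrypt-base64 characters carry 132 bits, so when crypt() decodes them to 16 bytes the low four bits of the last character are dropped, which is why a bcrypt salt as echoed back always ends in ".", "O", "e" or "u". The function names are my own; the sample hash string is the one from the answer and the sample input salt is the one from the question.

```python
import hashlib
import re

# bcrypt uses its own base64 alphabet: "./" first, then A-Z, a-z, 0-9 (not RFC 4648).
BCRYPT_B64 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"

# Modular crypt format: $<2a|2b|2x|2y>$<2-digit cost>$<22-char salt><31-char hash>, 60 chars.
BCRYPT_RE = re.compile(r"^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$")

# Sample taken from the answer above (the password behind it is not known here).
SAMPLE_HASH = "$2y$10$nOUIs5kJ7naTuTFkBy1veuK0kSxUFXfuaOKdOKf9xYT0KKIGSJwFa"
# Sample taken from the question: the 22-character salt the asker passed to crypt().
SAMPLE_SALT_IN = "oWfFYcNqlcUeGwJM0AFUgw"


def parse_bcrypt(hash_string):
    """Split a bcrypt hash string into its $-separated parts."""
    m = BCRYPT_RE.match(hash_string)
    if not m:
        raise ValueError("not a bcrypt hash string")
    algo, cost, salt, digest = m.groups()
    return {
        "algorithm": algo,
        "cost": int(cost),
        "iterations": 2 ** int(cost),
        "salt": salt,      # 22 chars = 132 encoded bits, 128 used
        "hash": digest,    # 31 chars = 186 encoded bits, 184 used
    }


def bcrypt_b64_decode(text, nbytes):
    """Decode bcrypt base64 into exactly nbytes; any bits beyond that are discarded,
    which is what crypt() does with the tail of a 22-character salt."""
    bits, nbits, out = 0, 0, bytearray()
    for ch in text:
        bits = (bits << 6) | BCRYPT_B64.index(ch)
        nbits += 6
        while nbits >= 8 and len(out) < nbytes:
            nbits -= 8
            out.append((bits >> nbits) & 0xFF)
    return bytes(out)


def bcrypt_b64_encode(data):
    """Encode bytes with bcrypt's alphabet, padding the final partial group with zero bits."""
    bits, nbits, out = 0, 0, []
    for byte in data:
        bits = (bits << 8) | byte
        nbits += 8
        while nbits >= 6:
            nbits -= 6
            out.append(BCRYPT_B64[(bits >> nbits) & 0x3F])
    if nbits:
        out.append(BCRYPT_B64[(bits << (6 - nbits)) & 0x3F])
    return "".join(out)


def canonical_salt(salt22):
    """The salt as crypt() echoes it back: decoded to 16 bytes and re-encoded.
    Only 128 of the 132 encoded bits survive, so the low four bits of the
    last character are cleared and it becomes one of '.', 'O', 'e', 'u'."""
    return bcrypt_b64_encode(bcrypt_b64_decode(salt22, 16))


def raw_hash_bytes(hash_string):
    """The 23 bytes bcrypt actually produced, decoded from the final 31 characters."""
    return bcrypt_b64_decode(parse_bcrypt(hash_string)["hash"], 23)


def derive_key(hash_string):
    """The answer's second suggestion: a 256-bit key from the whole 60-character string."""
    parse_bcrypt(hash_string)  # refuse anything that is not bcrypt output
    return hashlib.sha256(hash_string.encode("ascii")).digest()


if __name__ == "__main__":
    parts = parse_bcrypt(SAMPLE_HASH)
    print(parts)
    print("salt passed in :", SAMPLE_SALT_IN)
    print("salt echoed    :", canonical_salt(SAMPLE_SALT_IN))
    print("raw hash bytes :", raw_hash_bytes(SAMPLE_HASH).hex())
    print("derived key    :", derive_key(SAMPLE_HASH).hex())
```

Running this prints the echoed salt as oWfFYcNqlcUeGwJM0AFUgu, matching the [concat] line in the question. Whichever of the two key-derivation routes is chosen, the derived key is exactly as secret as the stored 60-character string, since both are computable from it, so the string must be protected accordingly wherever it is kept.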
