Javascript encryption of password and decrypting at server side


Problem description




Hi,

I need to know the login, how this will be done.

What I have done so far: I created the user registration page, and there I'm generating the hash code of the entered password using a salt. Now, how do I decrypt at the server side with the same salt?

Recommended answer

Hello Rockstar,


Since you are using a hashed password, it won't be possible for you to obtain the original password on the server side, unless of course you are using a custom-grown hash function which is capable of reversing the hash value.
According to Wikipedia:

A cryptographic hash function is a hash function; that is, an algorithm that takes an arbitrary block of data and returns a fixed-size bit string, the (cryptographic) hash value, such that any (accidental or intentional) change to the data will (with very high probability) change the hash value. The data to be encoded are often called the "message," and the hash value is sometimes called the message digest or simply digest.

The ideal cryptographic hash function has four main properties:

  • it is easy to compute the hash value for any given message
  • it is infeasible to generate a message that has a given hash
  • it is infeasible to modify a message without changing the hash
  • it is infeasible to find two different messages with the same hash.

The way I typically implement this functionality is explained below. You can perhaps follow the same.


1. Generate some random value (Salt) of approx 10-12 characters on the server side and insert it in the login page using a hidden field; store it in the session as well.
2. In the login page's javascript, generate a hash (HashedPass) of the password (SHA-1/SHA-2/SHA-3).
3. Using the Salt, generate one more hash value (CheckSum) of HashedPass.
4. Post UserId, HashedPass and CheckSum to the server.
5. On the server side, recompute the CheckSum using the Salt stored in the session and the received HashedPass. Compare this value with the CheckSum received. If both values are the same then proceed to the next step, otherwise flag an error.
6. Retrieve the user's record from the data store using the received UserId.
7. Retrieve the random salt that was stored along with the original password hash. (The original password stored in the data store is also a hash value generated using a random salt and using one of the hashing algorithms mentioned earlier. I generally store salt along with the hashed password as SALT HASH)
8. Recompute the new hash of HashedPass using the random salt retrieved in step 7 and one of the hashing algorithms mentioned earlier.
9. Now compare the new hash with the password hash stored in the data store. If both of these values are equal then you can safely log in the user, otherwise flag an error.

Regards
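
The nine steps above as runnable Node.js code, with the login page's script simulated by `clientPost` (an added example, not code from the original answer). SHA-256, plain concatenation of salt and value, the `SALT:HASH` separator, the single-use login salt and all function names are assumptions made for this example.

```javascript
// Added example. Assumptions: SHA-256, salt + value concatenation,
// "SALT:HASH" as the stored record format, hypothetical function names.
const crypto = require('crypto');

const sha256 = (s) => crypto.createHash('sha256').update(s, 'utf8').digest('hex');

// Constant-time comparison of two hex digests; malformed input compares unequal.
function sameDigest(a, b) {
  const x = Buffer.from(String(a), 'hex');
  const y = Buffer.from(String(b), 'hex');
  return x.length > 0 && x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Registration: per-user random salt stored next to hash(salt + HashedPass).
function makeRecord(password) {
  const salt = crypto.randomBytes(16).toString('hex');
  return `${salt}:${sha256(salt + sha256(password))}`;
}

// Step 1: per-login Salt, kept in the session and sent in the hidden field.
function issueLoginSalt(session) {
  session.loginSalt = crypto.randomBytes(9).toString('base64'); // 12 characters
  return session.loginSalt;
}

// Steps 2-4: what the login page's script computes and posts.
function clientPost(userId, password, loginSalt) {
  const hashedPass = sha256(password);
  return { userId, hashedPass, checkSum: sha256(loginSalt + hashedPass) };
}

// Steps 5-9: server-side verification of the posted fields.
function verifyLogin(session, users, post) {
  const loginSalt = session.loginSalt;
  delete session.loginSalt; // assumption added here: a Salt serves one attempt
  if (!loginSalt) return 'error: no salt in session';
  if (!sameDigest(sha256(loginSalt + post.hashedPass), post.checkSum)) {
    return 'error: checksum mismatch';                    // step 5
  }
  const record = users.get(post.userId);                  // step 6
  if (!record) return 'error: login failed';
  const [salt, storedHash] = record.split(':');           // step 7
  const recomputed = sha256(salt + post.hashedPass);      // step 8
  return sameDigest(recomputed, storedHash) ? 'ok' : 'error: login failed'; // step 9
}
```

The CheckSum ties a post to the Salt issued for that session; HashedPass is still the value the server accepts as the credential, so the comparison in step 9 is what decides the login.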

