比较PHP和NodeJS之间的BCrypt哈希 [英] Comparing BCrypt hash between PHP and NodeJS

问题描述

对于我正在开发的应用，nodejs需要验证PHP创建的哈希，反之亦然.

For an app I'm working on, nodejs needs to verify hashes created by PHP and vice-versa.

问题是，在node.js中进行测试时，PHP中生成的哈希(通过Laravel的Hash类，该类仅使用PHP的password_hash函数)返回false.

The problem is, the hashes generated in PHP (via Laravel's Hash class, which just uses PHP's password_hash function) return false when tested in node.js.

以下node.js脚本:

The following node.js script:

var bcrypt = require('bcrypt');

var password = 'password';

var phpGeneratedHash  = '$2y$10$jOTwkwLVn6OeA/843CyIHu67ib4RixMa/N/pTJVhOjTddvrG8ge5.';
var nodeGeneratedHash = '$2a$10$ZiBH5JtTDtXqDajO6f4EbeBIXGwtcGg2MGwr90xTH9ki34SV6rZhO';

console.log(
  bcrypt.compareSync(password, phpGeneratedHash)  ? 'PHP passed' : 'PHP failed',
  bcrypt.compareSync(password, nodeGeneratedHash) ? 'nodejs passed' : 'nodejs failed'
);

输出:'PHP失败的nodejs通过'，而以下PHP脚本:

outputs: 'PHP failed nodejs passed', whereas the following PHP script:

<?php

$password = 'password';

$phpGeneratedHash  = '$2y$10$jOTwkwLVn6OeA/843CyIHu67ib4RixMa/N/pTJVhOjTddvrG8ge5.';
$nodeGeneratedHash = '$2a$10$ZiBH5JtTDtXqDajO6f4EbeBIXGwtcGg2MGwr90xTH9ki34SV6rZhO';

print password_verify($password, $phpGeneratedHash)  ? 'PHP passed' : 'PHP failed';
print password_verify($password, $nodeGeneratedHash) ? 'nodejs passed' : 'nodejs failed';

输出"PHP传递的nodejs传递的信息".

outputs 'PHP passed nodejs passed'.

我已经在Ubuntu 14.04.1中使用PHP 5.5.18，node.js v0.10.32和npm bcrypt模块运行了测试.

I've run the tests in Ubuntu 14.04.1 using PHP 5.5.18, node.js v0.10.32 and the npm bcrypt module.

推荐答案

此操作失败，因为从php和node生成的bcrypt哈希类型不同. Laravel生成$2y$，而节点生成$2a$.但是好消息是2a和2y之间的唯一区别是它们的前缀.

This fails because the types of bcrypt hashes being generated from php and node are different. Laravel generates the $2y$ while node generates the $2a$. But the good news is the only difference between 2a and 2y are their prefixes.

因此，您可以做的是使其中一个前缀与另一个相似.喜欢:

So what you can do is make one of the prefix similar to the other. Like:

$phpGeneratedHash  = '$2y$10$jOTwkwLVn6OeA/843CyIHu67ib4RixMa/N/pTJVhOjTddvrG8ge5.';
$nodeGeneratedHash = '$2a$10$ZiBH5JtTDtXqDajO6f4EbeBIXGwtcGg2MGwr90xTH9ki34SV6rZhO';

类似:

$phpGeneratedHash  = '$2y$10$jOTwkwLVn6OeA/843CyIHu67ib4RixMa/N/pTJVhOjTddvrG8ge5.';
$nodeGeneratedHash = '$2y$10$ZiBH5JtTDtXqDajO6f4EbeBIXGwtcGg2MGwr90xTH9ki34SV6rZhO';

请注意，我将节点哈希的$2a$替换为$2y$.您可以使用以下方法简单地做到这一点:

Notice that I replaced the $2a$ of the node hash to $2y$. You can simply do this with:

$finalNodeGeneratedHash = str_replace("$2a$", "$2y$", $nodeGeneratedHash);

节点

finalNodeGeneratedHash = nodeGeneratedHash.replace('$2a$', '$2y$');

然后将phpGeneratedHash与finalNodeGeneratedHash进行比较.

注意:建议如果在PHP中进行比较，则将NodeJS生成的哈希值的前缀更改为$2y$，并且如果在NodeJS中进行比较，则建议这样做.将PHP生成的哈希的前缀更改为$2a$.

Note: It is recommended that if you're comparing in PHP, change the prefix of the NodeJS generated hash to $2y$ and if you're comparing in NodeJS; change the prefix of the PHP generated hash to $2a$.

这篇关于比较PHP和NodeJS之间的BCrypt哈希的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！