node.bcrypt.js如何比较哈希密码和纯文本密码而不加盐? [英] How does node.bcrypt.js compare hashed and plaintext passwords without the salt?

问题描述

来自 github :

要散列密码:

var bcrypt = require('bcrypt');
bcrypt.genSalt(10, function(err, salt) {
    bcrypt.hash("B4c0/\/", salt, function(err, hash) {
        // Store hash in your password DB.
    });
});

要检查密码:

// Load hash from your password DB.
bcrypt.compare("B4c0/\/", hash, function(err, res) {
    // res == true
});
bcrypt.compare("not_bacon", hash, function(err, res) {
    // res = false
});

从上方看，比较中如何不包含盐值?我在这里想念什么?

From above, how can there be no salt values involved in the comparisons? What am I missing here?

推荐答案

salt被合并到哈希中(以纯文本形式).比较功能只是简单地将哈希值从哈希中取出，然后使用它来哈希密码并执行比较.

The salt is incorporated into the hash (as plaintext). The compare function simply pulls the salt out of the hash and then uses it to hash the password and perform the comparison.

这篇关于node.bcrypt.js如何比较哈希密码和纯文本密码而不加盐?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！