如何将密码文本与bcrypt哈希值进行比较? [英] how to compare a password text with the bcrypt hashes?

问题描述

我的应用程序中有一个用例，该用例应防止用户在重置密码时选择其后三个密码之一.我在前端使用Angular，在后端使用Spring Boot.在我的情况下，用户密码存储为bcrypt哈希.

I have a use case in my application that should prevent the user from choosing one of their last 3 passwords while resetting their password. I'm using Angular for the front end and Spring Boot for the back end . In my scenario, the user passwords are stored as bcrypt hash.

如何将用户输入的密码与最近存储的3个bcrypt密码进行比较?

How can I compare the password entered by the user with the last 3 stored bcrypt passwords?

当我运行以下代码片段示例时，

When I run the following code snipped example,

BCryptPasswordEncoder b = new BCryptPasswordEncoder();

    for(int i =0;i<10;i++) {
        System.out.println(b.encode("passw0rd"));

    }

它生成以下bcrypt散列.每个哈希都是不同的，这是合理的，因为当我检查org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder时，我可以看到生成的盐是随机值.

it generates the following bcrypt hashes. each hash is different which is reasonable because when I check the org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder, I can see the salt generated is random value.

$2a$10$tztZsPFZ.T.82Gl/VIuMt.RDjayTwuMLAkRkO9SB.rd92vHWKZmRm
$2a$10$yTHyWDmcCBq3OSPOxjj4TuW9qXYE31CU.fFlWxppii9AizL0lKMzO
$2a$10$Z6aVwg.FNq/2I4zmDjDOceT9ha0Ur/UKsCfdADLvNHiZpR7Sz53fC
$2a$10$yKDVeOUvfTQuTnCHGJp.LeURFcXK6JcHB6lrSgoX1pRjxXDoc8up.
$2a$10$ZuAL06GS7shHz.U/ywb2iuhv2Spubl7Xo4NZ7QOYw3cHWK7/7ZKcC
$2a$10$4T37YehBTmPWuN9j.ga2XeF9GHy6EWDhQS5Uc9bHvJTK8.xIm1coS
$2a$10$o/zxjGkArT7YdDkrk5Qer.oJbZAYpJW39iWAWFqbOhpTf3FmyfWRC
$2a$10$eo7yuuE2f7XqJL8Wjyz.F.xj78ltWuMS1P0O/I6X7iNPwdsWMVzu6
$2a$10$3ErH2GtZpYJGg1BhfgcO/uOt/L2wYg4RoO8.fNRam458WWdymdQLW
$2a$10$IksOJvL/a0ebl4R2/nbMQ.XmjNARIzNo8.aLXiTFs1Pxd06SsnOWa

Spring安全配置.

  @Configuration
    @Import(SecurityProblemSupport.class)
    @EnableWebSecurity
    @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
    public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

        @PostConstruct
        public void init() {
            try {
                authenticationManagerBuilder
                    .userDetailsService(userDetailsService)
                    .passwordEncoder(passwordEncoder());
            } catch (Exception e) {
                throw new BeanInitializationException("Security configuration failed", e);
            }
        }
       @Bean
        public PasswordEncoder passwordEncoder() {
            return new BCryptPasswordEncoder();
        }
    }

推荐答案

您可以在BCryptPasswordEncoder中使用matches方法，如下所示:

you can use matches method in BCryptPasswordEncoder, something like this:

b.matches("passw0rd", hash)

这篇关于如何将密码文本与bcrypt哈希值进行比较?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！