用于Firebase简单登录的盐/哈希值? [英] Salt/Hash for Firebase Simple Login?

问题描述

Firebase提供了简单登录"，其中使用电子邮件/密码进行身份验证.有谁知道firebase是否在存储密码之前撒了盐并对其进行了哈希处理?我以为firebase足够了解这一点，但是我只是想确定一下，因为经过一个小时的搜索，我什么都找不到.

Firebase offers 'Simple Login' in which email/password is used for authentication. Does anyone know if firebase salts and hashes the password before storing it? I imagine that firebase would know enough to do so, but I just wanted to make sure, because I could not find anything on this after an hour of searching.

预期的跟进:如果Firebase实际上不对密码进行加盐和哈希处理，那么如果我将用户的密码加盐并进行哈希处理并将其传递到Firebase进行存储/检查，那么简单登录是否可以正常工作?

Anticipated follow up: If firebase in fact does not salt+hash the passwords, would the Simple Login work if I took the user's password, salted+hashed, and passed it onto firebase to store/check?

提前谢谢！

推荐答案

截至2016年

截至2016年，Firebase使用scrypt的修改版来加密密码.在GitHub 此处上发布了用于执行加密的库.

As of 2016, Firebase uses a modified version of scrypt to encrypt passwords. A library to perform the encryption was released on GitHub here.

它同时使用了盐和哈希值，如示例中所示:

It uses both salt and hashes as shown in the sample:

# Params from the project's password hash parameters
base64_signer_key="jxspr8Ki0RYycVU8zykbdLGjFQ3McFUH0uiiTvC8pVMXAn210wjLNmdZJzxUECKbm0QsEmYUSDzZvpjeJ9WmXA=="
base64_salt_separator="Bw=="
rounds=8
memcost=14

# Params from the exported account
base64_salt="42xEC+ixf3L2lw=="

# The users raw text password
password="user1password"

# Generate the hash
# Expected output:
# lSrfV15cpx95/sZS2W9c9Kp6i/LVgQNDNC/qzrCnh1SAyZvqmZqAjTdn3aoItz+VHjoZilo78198JAdRuid5lQ==
echo `./scrypt "$base64_signer_key" "$base64_salt" "$base64_salt_separator" "$rounds" "$memcost" -P <<< "$password"`

2016年前

根据此页面( http://firebase.com/docs/web/guide/simple-login/password.html )Firebase使用bcrypt.

According to this page (http://firebase.com/docs/web/guide/simple-login/password.html) Firebase uses bcrypt.

根据bcrypt上的Wiki页面( http://en.wikipedia.org/wiki/Bcrypt)，它既散列又使用盐.

According to the wiki page on bcrypt (http://en.wikipedia.org/wiki/Bcrypt), it both hashes and uses salt with that.

这篇关于用于Firebase简单登录的盐/哈希值?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！