Salt/Hash for Firebase Simple Login?

Question

Firebase offers 'Simple Login' in which email/password is used for authentication. Does anyone know if firebase salts and hashes the password before storing it? I imagine that firebase would know enough to do so, but I just wanted to make sure, because I could not find anything on this after an hour of searching.

Anticipated follow up: If firebase in fact does not salt+hash the passwords, would the Simple Login work if I took the user's password, salted+hashed, and passed it onto firebase to store/check?

Thanks in advance!

Recommended answer

As of 2016

As of 2016, Firebase uses a modified version of scrypt to encrypt passwords. A library to perform the encryption was released on GitHub here.

It uses both salt and hashes as shown in the sample:

# Params from the project's password hash parameters
base64_signer_key="jxspr8Ki0RYycVU8zykbdLGjFQ3McFUH0uiiTvC8pVMXAn210wjLNmdZJzxUECKbm0QsEmYUSDzZvpjeJ9WmXA=="
base64_salt_separator="Bw=="
rounds=8
memcost=14

# Params from the exported account
base64_salt="42xEC+ixf3L2lw=="

# The user's raw text password
password="user1password"

# Generate the hash
# Expected output:
# lSrfV15cpx95/sZS2W9c9Kp6i/LVgQNDNC/qzrCnh1SAyZvqmZqAjTdn3aoItz+VHjoZilo78198JAdRuid5lQ==
echo `./scrypt "$base64_signer_key" "$base64_salt" "$base64_salt_separator" "$rounds" "$memcost" -P <<< "$password"`

Before 2016

According to this page (http://firebase.com/docs/web/guide/simple-login/password.html) Firebase uses bcrypt.

According to the wiki page on bcrypt (http://en.wikipedia.org/wiki/Bcrypt), it both hashes and uses salt with that.
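
The shell sample in the answer above, reworked as a Python check of a login attempt against an exported hash. This is an added example, not code from the original answer or from the Firebase project. It assumes the "modified scrypt" is standard scrypt over salt plus separator, followed by AES-256-CTR encryption of the signer key under the first 32 bytes of the derived key with a zero counter. The function names are hypothetical and the third-party `cryptography` package is required.

```python
import base64
import hashlib
import hmac

# Third-party dependency (assumption: the `cryptography` package is installed).
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

# Values copied from the sample in the answer above.
SIGNER_KEY_B64 = "jxspr8Ki0RYycVU8zykbdLGjFQ3McFUH0uiiTvC8pVMXAn210wjLNmdZJzxUECKbm0QsEmYUSDzZvpjeJ9WmXA=="
SALT_SEPARATOR_B64 = "Bw=="
ROUNDS = 8
MEMCOST = 14
SALT_B64 = "42xEC+ixf3L2lw=="
EXPECTED_HASH_B64 = "lSrfV15cpx95/sZS2W9c9Kp6i/LVgQNDNC/qzrCnh1SAyZvqmZqAjTdn3aoItz+VHjoZilo78198JAdRuid5lQ=="


def firebase_scrypt_hash(password, salt_b64):
    """Return the base64 hash for `password` and a per-user salt (hypothetical helper)."""
    # Assumed step 1: scrypt with N = 2**memcost, r = rounds, p = 1,
    # salted with the per-user salt followed by the project's separator.
    salt = base64.b64decode(salt_b64) + base64.b64decode(SALT_SEPARATOR_B64)
    derived = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                             n=2 ** MEMCOST, r=ROUNDS, p=1, dklen=64)
    # Assumed step 2: encrypt the project signer key with AES-256-CTR,
    # keyed by the first 32 derived bytes, counter starting at zero.
    encryptor = Cipher(algorithms.AES(derived[:32]), modes.CTR(b"\x00" * 16)).encryptor()
    digest = encryptor.update(base64.b64decode(SIGNER_KEY_B64)) + encryptor.finalize()
    return base64.b64encode(digest).decode("ascii")


def verify_password(candidate, stored_hash_b64, salt_b64):
    """Check a login attempt against the stored hash of an exported account."""
    computed = firebase_scrypt_hash(candidate, salt_b64)
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(computed.encode("ascii"), stored_hash_b64.encode("ascii"))


if __name__ == "__main__":
    print(firebase_scrypt_hash("user1password", SALT_B64))
    print(verify_password("user1password", EXPECTED_HASH_B64, SALT_B64))
```

The signer key and salt separator are per-project secrets: anyone who obtains them together with an account export can run offline guessing against the hashes, so store them like any other credential.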
