验证与PHP的NodeJS的crypt()生成的哈希? [英] Verify a hash generated with php crypt() in NodeJS?
问题描述
我有一个PHP 5.3与Web服务器上运行的锂框架。
I have a PHP 5.3 webserver with the Lithium framework running on it.
我有 crypt_blowfish的
生成的密码哈希值:
I have password hashes generated with CRYPT_BLOWFISH
:
public static function hash($password, $salt = null) {
return crypt($password, $salt ?: static::salt());
}
他们得到这个检查:
They get checked with this :
public static function check($password, $hash) {
return String::compare(crypt($password, $hash), $hash);
}
我在寻找的的NodeJS
脚本,使我能够既检查,并产生类似的哈希值:
I'm looking for the NodeJS
script that would enable me to both check and generate similar hashes :
我试过这个至今(检查现在):
I've tried this so far (check for now) :
var c = crypto.createCipher('bf-cfb', password);
var res = c.update(hash);
res += c.final('utf8');
在哪里(不准确瓦尔,但看起来好像是这样):
Where (not exact vars, but looks like this) :
var hash = '$2a$10$nA5CV2XWJGn0cbKxSHU3GOp29ypHNVJDglJ0iNFx2zFkfy3mrsRZK'; // from php
var salt = '$2a$10$nku2zgjB65zLdcVC1BIhG.'; // from php too
var password = 'passwordInClearTextToCheck'; // correct password to check
是否有可能实现?
Is it possible to achieve?
推荐答案
地穴()函数使用不同的算法,这是不是原始的Blowfish加密/解密。
由于没有地穴()实现的node.js然而,我建议哈希密码+盐,SHA1 / SHA256 /任何其他人。
Crypt() function uses different algorithm, this is not raw Blowfish encryption/decryption. Since there is no Crypt() implementation for node.js yet, I would recommend to hash password + salt with SHA1/SHA256/whatever else.
这篇关于验证与PHP的NodeJS的crypt()生成的哈希?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!