解密rfc2898密码 [英] Decrypting rfc2898 password

问题描述

问题出在数据库中，密码是加密的。

我正在开发中，我需要测试我的登录名/密码api。 >

我有以下信息：
$ b

• 键


• iteration


• 盐

这足以恢复密码吗？

顺便说一下，我可以编辑这些值，如果有帮助的话。

>我想你误解了密码API的工作原理。您无法反转正确哈希密码，但您可以验证输入的密码与存储的哈希值。

要验证输入的密码，您需要再次计算哈希值用于创建第一个散列的相同参数。然后你可以比较两个哈希值，如果它们匹配，密码是一样的。

I'm in the middle of development and I need to test my login/password api.

Problem is in the database the password is encrypted.

I have the following information.

• key
• iteration
• salt

Is this enough to recover the password?

By the way I can edit these values as well if that will help.

解决方案

I think you misunderstood, how a password API works. You cannot reverse a properly hashed password, but you can validate an entered password against the stored hash.

To validate the entered password, you need to calculate the hash again, with the same parameters you used to create the first hash. Then you can compare the two hashes, if they match, the password was the same.

这篇关于解密rfc2898密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！