Why are all the bcrypt or crypto hash comparisons always returning false, even for the correct password?
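I have managed to use cryptojs and bcrypt to hash/encrypt all my passwords, but failed:
comparing the hashes (the hashed password in the database with the hashed input password) always returns false.
So I did more digging to find out the contents of the hashes, and these are the results.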
    const crypto = require('crypto')
    function setUserPassword(inputPassword){
        const salt = crypto.randomBytes(16).toString('hex')
        let hashedPassword = crypto.pbkdf2Sync(inputPassword, salt, 1000, 16, 'sha512').toString('hex')
        return { //we shall store them in the database later
            salt: salt,
            hashedPassword: hashedPassword
        }
    }
database ====>ac0f74b30c94fedbbd591889c4705607 //works perfectly using the above function
The challenge comes when validating the user password, using this function:
    function validateUserPassword(enteredPassword, dbSalt, dbPassword){
        // then checks if this generated hash is equal to user's hash in the database or not
        let hashInput = crypto.pbkdf2Sync(enteredPassword, dbSalt, 1000, 16, 'sha512') //the same as above
        //u must compare the hashed password in the db with hashedInput password
        return hashInput === dbPassword //IF it returns true then they match
    }
So I checked the hashInput and discovered that it was a buffer instead of a string...
hey hashed input password <Buffer ac 0f 74 b3 0c 94 fe db bd 59 18 89 c4 70 56 07>
//my nodejs version... v6.11.4, and I also tried using v10.15.0, but all in vain.
In setUserPassword() you are creating a hex-encoded string from the buffer returned by the hash function, but you forgot to do the same in validateUserPassword(). This will fix it:
    let hashInput = crypto.pbkdf2Sync(enteredPassword, dbSalt, 1000, 16, 'sha512').toString('hex')
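Added example, not part of the original question or answer: the same check done the other way round, decoding the stored hex back to bytes and comparing Buffer with Buffer via `crypto.timingSafeEqual`, next to the question's comparison to show why it can never match. The names `derive`, `brokenCompare` and `row` and the sample password are constructed for this illustration; the PBKDF2 parameters are the ones from the question.

```javascript
const crypto = require('crypto');

// Same PBKDF2 parameters as the question's code, so hashes it already stored still verify.
const ITERATIONS = 1000;
const KEY_LENGTH = 16;
const DIGEST = 'sha512';

function derive(password, salt) {
  // pbkdf2Sync returns a Buffer, never a string
  return crypto.pbkdf2Sync(password, salt, ITERATIONS, KEY_LENGTH, DIGEST);
}

function setUserPassword(inputPassword) {
  const salt = crypto.randomBytes(16).toString('hex');
  return { salt, hashedPassword: derive(inputPassword, salt).toString('hex') };
}

// The question's comparison (hypothetical name): Buffer === string is always false.
function brokenCompare(enteredPassword, dbSalt, dbPassword) {
  return derive(enteredPassword, dbSalt) === dbPassword;
}

// Decode the stored hex back to bytes and compare Buffer with Buffer.
function validateUserPassword(enteredPassword, dbSalt, dbPassword) {
  const derived = derive(enteredPassword, dbSalt);
  const stored = Buffer.from(String(dbPassword), 'hex');
  // timingSafeEqual throws on unequal lengths (truncated or non-hex column value)
  if (stored.length !== derived.length) return false;
  return crypto.timingSafeEqual(derived, stored);
}

// Constructed sample record, standing in for a database row
const row = setUserPassword('correct horse battery');
console.log(brokenCompare('correct horse battery', row.salt, row.hashedPassword));        // false
console.log(validateUserPassword('correct horse battery', row.salt, row.hashedPassword)); // true
console.log(validateUserPassword('wrong guess', row.salt, row.hashedPassword));           // false
console.log(validateUserPassword('correct horse battery', row.salt, 'ac0f'));             // false
```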