How does the bcrypt.js compare method know the number of salting rounds?

As the bcrypt documentation describes, to compare a hash with a plaintext password we have to call the compare function like this:

    bcrypt.compare(myPlaintextPassword, hash).then(function(result) {
        // do stuff
    });

But there seems to be no way to tell the function the number of salting rounds. How does the function get that number?

bcrypt's output looks like this: $2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy. It specifies a cost parameter of 10, meaning 2^10 rounds of key expansion. The salt is N9qo8uLOickgx2ZMRZoMye and the password hash is IjZAgcfl7p92ldGxad68LJZdL17lhWy.

All the information that is needed is contained in the hash argument.

The prefix "$2a$" or "$2b$" (or "$2y$") in a hash string in a shadow password file indicates that hash string is a bcrypt hash in modular crypt format. The rest of the hash string includes the cost parameter, a 128-bit salt (Radix-64 encoded as 22 characters), and 184 bits of the resulting hash value (Radix-64 encoded as 31 characters). The Radix-64 encoding uses the unix/crypt alphabet, and is not 'standard' Base-64. The cost parameter specifies a key expansion iteration count as a power of two, which is an input to the crypt algorithm.

For example, the shadow password record $2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy specifies a cost parameter of 10, indicating 2^10 key expansion rounds. The salt is N9qo8uLOickgx2ZMRZoMye and the resulting hash is IjZAgcfl7p92ldGxad68LJZdL17lhWy. Per standard practice, the user's password itself is not stored.

There is a complete Wikipedia entry: https://en.wikipedia.org/wiki/Bcrypt
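Added example (not from the question, the answer, or bcrypt.js itself): a parser for the modular crypt format described above, run on the hash quoted in the answer. It shows exactly which fields compare() recovers from its hash argument, which is why no rounds parameter is ever passed; the function names and the field-decoding helper are this example's own.

```javascript
// bcrypt's Radix-64 alphabet (crypt style); the order differs from standard
// Base64 and there is no padding.
const BCRYPT_ALPHABET =
  "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

// The hash quoted in the answer above (the Wikipedia example).
const SAMPLE_HASH = "$2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy";

// Unpack 6-bit Radix-64 symbols into bytes, keeping only the first `nbytes`
// (the last symbol of a bcrypt field carries padding bits that are dropped).
function decodeRadix64(text, nbytes) {
  const out = [];
  let acc = 0, bits = 0;
  for (const ch of text) {
    const v = BCRYPT_ALPHABET.indexOf(ch);
    if (v < 0) throw new Error(`invalid bcrypt Radix-64 character: ${ch}`);
    acc = (acc << 6) | v;
    bits += 6;
    if (bits >= 8) {
      bits -= 8;
      out.push((acc >> bits) & 0xff);
      acc &= (1 << bits) - 1;
    }
  }
  return out.slice(0, nbytes);
}

// Split "$2a$10$<22-char salt><31-char digest>" into its fields. Everything
// compare() needs (version, cost and salt) is read back from the string; the
// caller never supplies the round count. Malformed input is rejected.
function parseBcryptHash(hash) {
  const m = /^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{53})$/.exec(hash);
  if (!m) throw new Error("not a bcrypt modular crypt format string");
  const cost = Number(m[2]);
  if (cost < 4 || cost > 31) throw new Error("bcrypt cost must be 4..31");
  const salt = m[3].slice(0, 22);
  const digest = m[3].slice(22);
  return {
    version: m[1],
    cost,                 // e.g. 10
    rounds: 2 ** cost,    // 2^10 = 1024 key expansion rounds
    salt,                 // 22 symbols -> 128-bit salt
    saltBytes: decodeRadix64(salt, 16),
    digest,               // 31 symbols -> 184-bit hash output
    digestBytes: decodeRadix64(digest, 23),
  };
}

console.log(parseBcryptHash(SAMPLE_HASH));
```

Because the cost lives in the stored string, raising the work factor later only requires rehashing on the user's next successful login; existing hashes keep verifying with their own cost.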