Unexpected behaviour with long keys using bcrypt

I am testing my authorisation implementation. I am using bcrypt for some login credentials. While testing, I shortened the key (just to try different keys) and, to my surprise, it was validated as a working key. This does not seem to be the case with shorter keys (such as "hello" and "hell").

I would like to know whether this is expected behaviour or a bug in the library. I suspect it is not expected behaviour. The library I am using is this one, and here is this same question as an issue.

"Shorter key" should "not work with bcrypt" in {
    val key = "b5c805cf4f1ccd534ad36c4480c835c57caf487dec1953568d486e0af70147f1872b2592c2491dde0eb7ebf8efd27bd3bd9db3dc2e33c0ac94144a1a40bac65a95fcf5ae2b3298c478da86346b6f1e1a57cba70a97ade3d3df821faf646f2d4cb4506bd98d1239b215bb590edbed7c8b6a957a1898889e5d49d53546f71100cf0a2a0880f9625a8d17e2efe0d45c99d9906a6a06a5baee710918e37361574e56bff5ded7fc98c73f20b0cf9e42e59106683e9e60f372b4263ba2ae3dce1f19fb5ba17141f01575c4d7eb7754485fb7eb0353c47a48ca0cc53ce725ff15cf96caa86bf0680edb4414cfc1e4f5c86a8d03d1436abbc72e0c0bc7c33866c19b778520974f279b0c6b1a0f6d5e5544581cc0d85a514b1f4953668c854ec644bf29c7cc669f95ffcba3bdc12382bbaa6df3c3667d1e119c26f502f30b5538003971b8c69cdb175ab41406dcd73977d2290706c4c2bd0eedebcab3c7ba4e0a8f1fb1752963ff375d2598c14a2c412ecfd5e51d9a52625adb67c97117cbb28caca75b70eec1e549fee56d80a92216b2c371206e9e8055419577b0e2fed123fe293e70bce784d111e668b86b51d526462ada227b2216092ecd19002ecfd1a4a7ad7bd2be6009c3ab7e58dedf19d06238619524e7b8fc49cfaa2ae891b40cb54b04834af2a784fc744386ff3d821d8c5a998c742dad8b93ec7338c6583a70ab9222e57192"
    val shorterKey = "b5c805cf4f1ccd534ad36c4480c835c57caf487dec1953568d486e0af70147f1872b2592c2491dde0eb7ebf8efd27bd3bd9db3dc2e33c0ac94144a1a40bac65a95fcf5ae2b3298c478da86346b6f1e1a57cba70a97ade3d3df821faf646f2d4cb4506bd98d1239b215bb590edbed7c8b6a957a1898889e5d49d53546f71100cf0a2a0880f9625a8d17e2efe0d45c99d9906a6a06a5baee710918e37361574e56bff5ded7fc98c73f20b0cf9e42e59106683e9e60f372b4263ba2ae3dce1f19fb5ba17141f01575c4d7eb7754485fb7eb0353c47a48ca0cc53ce725ff15cf96caa86bf0680edb4414cfc1e4f5c86a8d03d1436abbc72e0c0bc7c33866c19b778520974f279b0c6b1a0f6d5e5544581cc0d85a514b1f4953668c854ec644bf29c7cc669f95ffcba3bdc12382bbaa6df3c3667d1e119c26f502f30b5538003971b8c69cdb175ab41406dcd73977d2290706c4c2bd0eedebcab3c7ba4e0a8f1fb1752963ff375d2598c14a2c412ecfd5e51d9a52625adb67c97117cbb28caca75b70eec1e549fee56d80a92216b2c371206e9e8055419577b0e2fed123fe293e70bce784d111e668b86b51d526462ada227b2216092ecd19002ecfd1a4a7ad7bd2be6009c3ab7e58dedf19d06238619524e7b8fc49"
    val evenShorterKey = "..." // value missing from the page
    val bcryptedKey = "a$gF8jgmfUpYPvjX0FsVadhugiwuiEpt1.jdOg3GCQB1aqFGdt1Kr5G"
    key.isBcryptedSafe(bcryptedKey) should be(Success(true))
    shorterKey.isBcryptedSafe(bcryptedKey) should be(Success(false))
    evenShorterKey.isBcryptedSafe(bcryptedKey) should be(Success(false))
  }

Looking forward to your answers. For now I will add a hashing step in between and hope that works.

It looks like bcrypt has a maximum password length. See this: https://security.stackexchange.com/questions/39849/does-bcrypt-have-a-maximum-password-length. It does not seem to be just a Scala problem.
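To make the answer concrete, here is an added example (not code from the question's library or the linked thread) that models bcrypt's 72-byte input limit in plain Python, reproduces the collision the question hit, and shows the pre-hash step the asker plans to add. `BCRYPT_MAX_BYTES`, `prehash`, and the sample keys are my own constructions; the real bcrypt call is not made here.

```python
import base64
import hashlib
import hmac

# bcrypt consumes at most the first 72 bytes of the password; anything after
# that is silently ignored. This constant models that limit (assumed here,
# bcrypt itself is not run in this example).
BCRYPT_MAX_BYTES = 72


def bcrypt_effective_input(password: str) -> bytes:
    """Return the bytes bcrypt would actually feed into its key schedule."""
    return password.encode("utf-8")[:BCRYPT_MAX_BYTES]


def collides_under_bcrypt(a: str, b: str) -> bool:
    """True when two *different* passwords become identical after truncation."""
    return a != b and hmac.compare_digest(
        bcrypt_effective_input(a), bcrypt_effective_input(b)
    )


def prehash(password: str) -> bytes:
    """Mitigation: hash first so the value given to bcrypt has a fixed length.

    SHA-256 yields 32 bytes; base64 turns that into 44 printable bytes, well
    under 72, and guarantees no NUL byte (some bcrypt implementations stop
    reading at the first NUL). Apply the same step on enrolment and on login.
    """
    digest = hashlib.sha256(password.encode("utf-8")).digest()
    return base64.b64encode(digest)


def collides_after_prehash(a: str, b: str) -> bool:
    """Same collision check, but on the pre-hashed values."""
    return a != b and hmac.compare_digest(prehash(a), prehash(b))


# Constructed sample keys mirroring the question: a long hex-like key, a prefix
# of it that is still longer than 72 bytes, and a prefix shorter than 72 bytes.
LONG_KEY = "".join(f"{i % 16:x}" for i in range(200))
SHORTER_KEY = LONG_KEY[:150]
EVEN_SHORTER_KEY = LONG_KEY[:60]

if __name__ == "__main__":
    print("long vs 150-char prefix collide:", collides_under_bcrypt(LONG_KEY, SHORTER_KEY))
    print("long vs 60-char prefix collide: ", collides_under_bcrypt(LONG_KEY, EVEN_SHORTER_KEY))
    print("after pre-hash:                  ", collides_after_prehash(LONG_KEY, SHORTER_KEY))
```

The safer fix for a library is to reject inputs over 72 bytes outright rather than truncate; if pre-hashing is chosen instead, it must be applied to every code path that calls bcrypt.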