Python bcrypt: how to check a long encrypted by sha256 password?
I have a long password that I want to encode. I am using the main bcrypt tutorial:
>>> password = b"an incredibly long password" * 10
>>> hashed = bcrypt.hashpw(
... base64.b64encode(hashlib.sha256(password).digest()),
... bcrypt.gensalt()
... )
However, when I check it the way the tutorial does, as below, it does not match:
input_password = "..." # some password
bcrypt.checkpw(input_password.encode("utf8"), hashed)
I think I have to decode it too. Should base64.b64encode(hashlib.sha256(input_password).digest()) work?
For anyone reading this in the future: the OP is right. From the BCrypt GitHub:
The bcrypt algorithm only handles passwords up to 72 characters, any characters beyond that are ignored. To work around this, a common approach is to hash a password with a cryptographic hash (such as sha256) and then base64 encode it to prevent NULL byte problems before hashing the result with bcrypt:
>>> password = b"an incredibly long password" * 10
>>> hashed = bcrypt.hashpw(
... base64.b64encode(hashlib.sha256(password).digest()),
... bcrypt.gensalt()
... )
Now to answer the question:
Yes, to check the password you perform the same steps on it as before, so
>>> new_password = base64.b64encode(hashlib.sha256(raw_password).digest())
>>> bcrypt.checkpw(new_password, saved_password)
Don't forget to encode the password first, so for Python 3 something like
>>> raw_password = password_string.encode('utf_8')
Encoding to the same format is probably a good idea.