我设法使用cryptojs和bcrypt哈希/加密我所有的密码,但是失败了 比较散列(数据库中的散列密码与散列的输入密码)总是返回false 所以我做了更多的工作以找出哈希的内容,这些就是结果。
const crypto = require('crypto')
function setUserPassword(inputPassword){
const salt = crypto.randomBytes(16).toString('hex')
let hashedPassword = crypto.pbkdf2Sync(inputPassword, salt, 1000, 16,'sha512').toString('hex')
return{ //we shall store them in the database later
salt: salt,
hashedPassword: hashedPassword
}
}
database ====>ac0f74b30c94fedbbd591889c4705607 //works perefectly using the above function
challenge comes when validating the user password.. using this function..
function validateUserPassword(enteredPassword, dbSalt, dbPassword){
// then checks if this generated hash is equal to user's hash in the database or not
let hashInput = crypto.pbkdf2Sync(enteredPassword, dbSalt, 1000,16, 'sha512') //the same as above
//u must compare the hashed password in the db with hashedInput password
return hashInput === dbPassword //IF it returns true then they match
}
so i checked the hashInput and discovered that it was a buffer instead of the string...
hey hashed input password <Buffer ac 0f 74 b3 0c 94 fe db bd 59 18 89 c4 70 56 07>
//may nodejs version... v6.11.4 and alo tried using v10.15.0 but all in the vain.
答案 0 :(得分:0)
在setUserPassword()中,您是从哈希函数返回的缓冲区中创建一个十六进制编码的字符串,但是您忘记了在validateUserPassword()中这样做。这将解决它:
let hashInput = crypto.pbkdf2Sync(enteredPassword, dbSalt, 1000,16, 'sha512').toString('hex')