本文介绍了Node.js中的$ 2y bcrypt哈希值的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述 29岁程序员，3月因学历无情被辞！ 我正在使用 $ 2y 哈希来处理旧数据库。我已经挖了一下这个，也偶然发现堆栈溢出 $ 2a 和 $ 2y 之间的差异。I'm dealing with an old database with $2y hashes. I've dug into this a bit, also stumbled on the stack overflow on the difference between $2a and $2y.我查看了节点模块 bcrypt 似乎只生成并比较 $ 2a 哈希。I looked into the node module for bcrypt which seems to generate and compare only $2a hashes. https://github.com/ncb000gt/node.bcrypt.js/issues/175 https：/ /github.com/ncb000gt/node.bcrypt.js/issues/349 https://github.com/ncb000gt/node.bcrypt.js/issues/213https://github.com/ncb000gt/node.bcrypt.js/issues/175https://github.com/ncb000gt/node.bcrypt.js/issues/349https://github.com/ncb000gt/node.bcrypt.js/issues/213我找到了一个网站在生成 $ 2y 哈希，所以我可以用 bcrypt 测试它们。I found a website that generates $2y hashes so I can test them with bcrypt. http://aspirine.org/htpasswd_en.htmlhttp://aspirine.org/htpasswd_en.html以下是字符串 $ 2y 哈希的示例$ c> helloworld 。Here's an example of a $2y hash of the string helloworld.helloworld:$2y$10$tRM7x9gGKhcAmpeqKEdhj.qRWCr4qoV1FU9se0Crx2hkMVNL2ktEW似乎模块无法验证 $ 2y 哈希值。Seems the module has no way of validating $2y hashes.这是我的测试。var Promise = require('bluebird')var bcrypt = require('bcrypt')var string = 'helloworld'Promise.promisifyAll(bcrypt)// bcrypt.genSalt(10, function(err, salt) {// bcrypt.hash(string, salt, function(err, hash) {// console.log(hash)// })// })var hashesGeneratedUsingBcryptModule = [ '$2a$10$6ppmIdlNEPwxWJskPaQ7l.d2fblh.GO6JomzrcpiD/hxGPOXA3Bsq', '$2a$10$YmpoYCDHzdAPMbd9B8l48.hkSnylnAPbOym367FKIEPa0ixY.o4b.', '$2a$10$Xfy3OPurrZEmbmmO0x1wGuFMdRTlmOgEMS0geg4wTj1vKcvXXjk06', '$2a$10$mYgwmdPZjiEncp7Yh5UB1uyPkoyavxrYcOIzzY4mzSniGpI9RbhL.', '$2a$10$dkBVTe2A2DAn24PUq1GZYe7AqL8WQqwOi8ZWBJAauOg60sk44DkOC']var hashesGeneratedUsingAspirineDotOrg = [ '$2y$10$MKgpAXLJkwx5tpijWX99Qek2gf/irwvp5iSfxuFoDswIjMIbj2.Ma', '$2y$10$tRM7x9gGKhcAmpeqKEdhj.qRWCr4qoV1FU9se0Crx2hkMVNL2ktEW']var hashesGeneratedUsingAspirineDotOrgSwippedYForA = [ '$2a$10$MKgpAXLJkwx5tpijWX99Qek2gf/irwvp5iSfxuFoDswIjMIbj2.Ma', '$2a$10$tRM7x9gGKhcAmpeqKEdhj.qRWCr4qoV1FU9se0Crx2hkMVNL2ktEW']hashesGeneratedUsingBcryptModule = hashesGeneratedUsingBcryptModule.map(hash => bcrypt.compareAsync(string, hash))hashesGeneratedUsingAspirineDotOrg = hashesGeneratedUsingAspirineDotOrg.map(hash => bcrypt.compareAsync(string, hash))hashesGeneratedUsingAspirineDotOrgSwippedYForA = hashesGeneratedUsingAspirineDotOrgSwippedYForA.map(hash => bcrypt.compareAsync(string, hash))Promise.all(hashesGeneratedUsingBcryptModule).tap(() => console.log('hashesGeneratedUsingBcryptModule')).then(console.log)Promise.all(hashesGeneratedUsingAspirineDotOrg).tap(() => console.log('hashesGeneratedUsingAspirineDotOrg')).then(console.log)Promise.all(hashesGeneratedUsingAspirineDotOrgSwippedYForA).tap(() => console.log('hashesGeneratedUsingAspirineDotOrgSwippedYForA')).then(console.log)以下是结果：// hashesGeneratedUsingAspirineDotOrg// [ false, false ]// hashesGeneratedUsingBcryptModule// [ true, true, true, true, true ]// hashesGeneratedUsingAspirineDotOrgSwippedYForA// [ false, false ]我对如何在节点中比较 $ 2y 哈希感到困惑。I'm stumped on how I can compare $2y hashes in node. 另一个Stack Overflow问题/答案说你可以改变 $ 2y 到 $ 2a 但对我来说仍然失败。There's another Stack Overflow question / answer that says you can just change the $2y to $2a but that still fails for me.更新！我正在使用生成器，因为它是 .htpasswd 密码生成器，您必须以此格式输入用户名和密码。I was using the generator incorrectly because it's a .htpasswd password generator you have to put in the username and password in this format.reggi helloworld输出对应于：reggi:$2y$10$iuC7GYH/h1Gl1aDmcpLFpeJXN9OZXZUYnaqD2NnGLQiVGQYBDtbtO之前我只需helloword我假设哈希是一个空字符串。Which I'm assuming hashed a empty string.这些更改将 y 更改为 a 适用于 bcrypt 。并且 twin-bcrypt 正常工作。With these changes changing the y to an a works in bcrypt. And twin-bcrypt just works.推荐答案 使用 bcrypt 时将 y 更改为 a 。 当使用 twin-bcrypt 时，哈希就可以了。When using bcrypt change the y to an a.When using twin-bcrypt the hash just works.使用 http://aspirine.org/htpasswd_en.html 时请确保您提供了用户名和密码。When using http://aspirine.org/htpasswd_en.html make sure that you provide a username and password.reggi helloworld然后：reggi:$2y$10$Am0Nf/B6.S/Wkpr6IVdIZeuHWNa/fqoLyTNmlyrSg22AjRf2vS.T.这是一个包含 bcrypt 的工作示例 twin-bcrypt 。Here's a working example with both bcrypt and twin-bcrypt.var twinBcrypt = require('twin-bcrypt')var bcrypt = require('bcrypt')var string = 'helloworld'var bcryptAttempt = bcrypt.compareSync(string, "$2y$10$Am0Nf/B6.S/Wkpr6IVdIZeuHWNa/fqoLyTNmlyrSg22AjRf2vS.T.".replace(/^\$2y/, "$2a"))console.log(bcryptAttempt)var twinBcryptAttempt = twinBcrypt.compareSync(string, "$2y$10$Am0Nf/B6.S/Wkpr6IVdIZeuHWNa/fqoLyTNmlyrSg22AjRf2vS.T.")console.log(twinBcryptAttempt)输出：truetrue 这篇关于Node.js中的$ 2y bcrypt哈希值的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！ 上岸，阿里云！