Problem description
I'm trying to find a bcrypt implementation I can use in Delphi. About the only useful thing that Googling brings me is this download page, containing translated headers for a winapi unit called bcrypt.h. But when I look at the functionality it provides, bcrypt.h doesn't appear to actually contain any way to use the Blowfish algorithm to hash passwords!
I've found a few bcrypt implementations in C that I could build a DLL from and link to, except they seem to all require *nix or be GCC-specific, so that won't work either!
This is sorta driving me up the wall. I'd think that it would be easy to find an implementation, but that doesn't seem to be the case at all. Does anyone know where I could get one?
Recommended answer
Ok, so I wrote it.
Usage:
hash: string;
hash := TBCrypt.HashPassword('mypassword01');
Returns something like:
$2a$10$Ro0CUfOqk6cXEKf3dyaM7OhSCvnwM9s4wIX9JeLapehKK5YdLxKcm
The useful thing about this (OpenBSD) style password hash is:
- that it identifies the algorithm (2a = bcrypt)
- the salt is automatically created for you, and shipped with the hash (Ro0CUfOqk6cXEKf3dyaM7O)
- the cost factor parameter is also carried with the hash (10).
To check that a password is correct:
isValidPassword: Boolean;
isValidPassword := TBCrypt.CheckPassword('mypassword1', hash);
BCrypt uses a cost factor, which determines how many iterations the key setup will go through. The higher the cost, the more expensive it is to compute the hash. The constant BCRYPT_COST contains the default cost:
const
  BCRYPT_COST = 10; //cost determines the number of rounds. 10 = 2^10 rounds (1024)
In this case a cost of 10 means the key will be expanded and salted 2^10 = 1,024 rounds. This is the commonly used cost factor at this point in time (early 21st century).
It is also interesting to note that, for no known reason, OpenBSD hashed passwords are converted to a Base-64 variant that is different from the Base64 used by everyone else on the planet. So TBCrypt contains a custom base-64 encoder and decoder.
It's also useful to note that the hash algorithm version 2a is used to mean:
- bcrypt
- include the password's null terminator in the hashed data
- unicode strings are UTF-8 encoded
So that is why the HashPassword and CheckPassword functions take a WideString (aka UnicodeString), and internally convert them to UTF-8. If you're running this on a version of Delphi where UnicodeString is a reserved word, then simply define out:
type
UnicodeString = WideString;
i, as David Heffernan knows, don't own Delphi XE 2. i added the UnicodeString alias, but didn't include compilers.inc and define away UnicodeString (since i don't know the define name, nor could i test it). What do you want from free code?
The code comprises two units:
- Bcrypt.pas (which i wrote, with embedded DUnit tests)
- Blowfish.pas (which Dave Barton wrote, which i adapted, extended, fixed some bugs and added DUnit tests to).
Where on the intertubes can i put some code where it can live in perpetuity?
Update 1/1/2015: It was placed onto GitHub some time ago: BCrypt for Delphi.
Bonus 4/16/2015: There is now a
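The answer notes that the hash string carries its own algorithm identifier, cost and salt, and that bcrypt uses a non-standard base-64 alphabet. The following Python sketch is an added example, not part of the original answer and not code from the Delphi library; it splits such a string into its fields and decodes the salt. The names parse_bcrypt and needs_rehash and the min_cost policy value are assumptions made for illustration.

```python
import re
from typing import NamedTuple

# bcrypt's base-64 alphabet: same 6-bit packing as standard Base64,
# but a different character order and no '=' padding.
BCRYPT_ALPHABET = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
HASH_RE = re.compile(r"\$(2[abxy])\$(\d\d)\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})")

class BcryptHash(NamedTuple):
    version: str   # algorithm identifier, e.g. "2a"
    cost: int      # log2 of the number of key-setup rounds
    salt: bytes    # 16 raw salt bytes
    digest: bytes  # 23 raw hash bytes

def bcrypt_b64decode(text: str) -> bytes:
    """Decode bcrypt's unpadded base-64 variant into raw bytes."""
    bits = nbits = 0
    out = bytearray()
    for ch in text:
        bits = (bits << 6) | BCRYPT_ALPHABET.index(ch)
        nbits += 6
        if nbits >= 8:
            nbits -= 8
            out.append(bits >> nbits)
            bits &= (1 << nbits) - 1  # keep only the bits not yet emitted
    return bytes(out)                 # fewer than 8 leftover bits are padding

def parse_bcrypt(stored: str) -> BcryptHash:
    """Split a 60-character bcrypt string; raise ValueError if malformed."""
    m = HASH_RE.fullmatch(stored)
    if m is None:
        raise ValueError("not a 60-character bcrypt hash string")
    version, cost, salt_b64, digest_b64 = m.groups()
    if not 4 <= int(cost) <= 31:
        raise ValueError("bcrypt cost must be between 4 and 31")
    return BcryptHash(version, int(cost),
                      bcrypt_b64decode(salt_b64), bcrypt_b64decode(digest_b64))

def needs_rehash(stored: str, min_cost: int) -> bool:
    """True when the stored hash was made with a cost below current policy."""
    return parse_bcrypt(stored).cost < min_cost

if __name__ == "__main__":
    # The hash string shown in the answer above.
    sample = "$2a$10$Ro0CUfOqk6cXEKf3dyaM7OhSCvnwM9s4wIX9JeLapehKK5YdLxKcm"
    h = parse_bcrypt(sample)
    print(h.version, h.cost, 2 ** h.cost, h.salt.hex(), len(h.digest))
    print("rehash at cost 12:", needs_rehash(sample, min_cost=12))
```

Because the cost travels with each stored hash, a check like needs_rehash can be run at login time to find records that should be re-hashed at a higher cost once the password is known to be correct.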