有人能解释BCrypt如何验证哈希？

本文介绍了有人能解释BCrypt如何验证哈希？的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我使用C＃和BCrypt.Net哈希我的密码。

例如：

 字符串盐= BCrypt.Net.BCrypt.GenerateSalt（6）;
VAR hashedPassword = BCrypt.Net.BCrypt.HashPassword（密码，盐）;//这个计算结果为真。怎么样？我不告诉它的任何地方盐，也
//它是一个BCrypt实例的成员，因为没有BCRYPT实例。
Console.WriteLine（BCrypt.Net.BCrypt.Verify（密码，hashedPassword））;
Console.WriteLine（hashedPassword）;

如何BCrypt与哈希验证密码，如果它不保存任何地方盐。我唯一的想法是，它以某种方式在哈希的最后追加盐。

这是一个正确的假设？

解决方案

Clearly it is not doing any such thing. The salt has to be saved somewhere.

Let's look up password encryption schemes on Wikipedia. From http://en.wikipedia.org/wiki/Crypt_(Unix) :

Alternatively, an answer to your previous question on this subject included a link to the source code. Rather than asking the internet to read the source code for you, you could always choose to read it yourself. That would probably get your answer faster. The relevant section of the source code is:

    StringBuilder rs = new StringBuilder();
    rs.Append("$2");
    if (minor >= 'a') {
        rs.Append(minor);
    }
    rs.Append('$');
    if (rounds < 10) {
        rs.Append('0');
    }
    rs.Append(rounds);
    rs.Append('$');
    rs.Append(EncodeBase64(saltBytes, saltBytes.Length));
    rs.Append(EncodeBase64(hashed,(bf_crypt_ciphertext.Length * 4) - 1));
    return rs.ToString();

Clearly the returned string is version information, followed by the number of rounds used, followed by the salt encoded as base64, followed by the hash encoded as base64.

这篇关于有人能解释BCrypt如何验证哈希？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！