问题描述

一些开发人员需要将存储从parse.com移至另一台服务器.

Some of developers need to move storage from parse.com to another servers.

当我从解析导出数据时，我得到json数据.此json数据具有加密密码(bcrypt)，例如:

When I exported my data from parse, I get json data. This json data has encrypted passwords (bcrypt) like:

我试图理解，在这种情况下如何从用户检查密码.

I try to understand, how to check password from user in this case.

我这样使用jBcrypt:

I using jBcrypt like this:

import org.mindrot.jbcrypt.BCrypt;

public class Main {

    public static void main(String[] args) {
        String candidate = "$2a$10$pcR4SaZd3PMD/nXQKMssxupMLncDoFwfU7avg/wdpLVChNqGOXbLu";
        String password = "123";

        String hashed = BCrypt.hashpw(password, BCrypt.gensalt());

        if (BCrypt.checkpw(candidate, hashed)) {
            System.out.println("It matches");
        }

        else {
            System.out.println("It does not match");
        }
    }
}

在这种情况下，密码不多.但是，如果我们转到 https://www.dailycred.com/article/bcrypt-calculator并尝试使用带有散列的候选字符串和"123"密码的BCrypt Tester都是可以的.

In this case passwords don't much. But if we go to https://www.dailycred.com/article/bcrypt-calculatorand try to use BCrypt Tester with hashed, candidate strings and "123" password it's all ok.

我如何理解用户密码是否与bcrypt字符串匹配?

How can I understand do user's password match with bcrypt string or not?

推荐答案

BCrypt.checkpw()将纯文本密码作为第一个参数，然后对其进行哈希处理并将其与第二个参数进行比较参数(文档)；在您的情况下，您要为它提供一个已经是哈希值的密码作为它的第一个参数，然后它将再次哈希值，因此不匹配.

BCrypt.checkpw() takes a plain text password as it's first parameter, and will then hash it and compare it to the second parameter (docs); in your case you're giving it an already hashed password as it's first parameter, which it will then hash again hence it not matching.

这篇关于如何使用jBcrypt检查bcrypt密码?(将存储空间从Parse.com移至Firebase)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！