问题描述

一些开发人员需要将存储从 parse.com 移动到另一台服务器.

Some of developers need to move storage from parse.com to another servers.

当我从 parse 导出数据时，我得到了 json 数据.此 json 数据具有加密密码 (bcrypt)，例如:

When I exported my data from parse, I get json data. This json data has encrypted passwords (bcrypt) like:

$2a$10$pcR4SaZd3PMD/nXQKMssxupMLncDoFwfU7avg/wdpLVChNqGOXbLu

我试着理解，在这种情况下如何检查用户的密码.

I try to understand, how to check password from user in this case.

我像这样使用 jBcrypt:

I using jBcrypt like this:

import org.mindrot.jbcrypt.BCrypt;

public class Main {

    public static void main(String[] args) {
        String candidate = "$2a$10$pcR4SaZd3PMD/nXQKMssxupMLncDoFwfU7avg/wdpLVChNqGOXbLu";
        String password = "123";

        String hashed = BCrypt.hashpw(password, BCrypt.gensalt());

        if (BCrypt.checkpw(candidate, hashed)) {
            System.out.println("It matches");
        }

        else {
            System.out.println("It does not match");
        }
    }
}

在这种情况下，密码并不多.但是如果我们去https://www.dailycred.com/article/bcrypt-calculator并尝试使用带有散列、候选字符串和123"密码的 BCrypt Tester 一切正常.

In this case passwords don't much. But if we go to https://www.dailycred.com/article/bcrypt-calculatorand try to use BCrypt Tester with hashed, candidate strings and "123" password it's all ok.

我如何理解用户的密码是否与 bcrypt 字符串匹配?

How can I understand do user's password match with bcrypt string or not?

推荐答案

BCrypt.checkpw() 将纯文本密码作为第一个参数，然后将其散列并与第二个参数进行比较参数 (文档);在你的情况下，你给它一个已经散列的密码作为它的第一个参数，然后它会再次散列，因此它不匹配.

BCrypt.checkpw() takes a plain text password as it's first parameter, and will then hash it and compare it to the second parameter (docs); in your case you're giving it an already hashed password as it's first parameter, which it will then hash again hence it not matching.

这篇关于如何使用jBcrypt检查bcrypt密码?(将存储从 Parse.com 移动到 Firebase)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！