在node.js中validation来自PHP的SHA512哈希
我试图从PHP到Javascript(node.js)端口传统的密码哈希scheme,但我在这个过程中缺less的东西。
原始的,工作的PHP版本
这里是“原始”,工作代码:
function create_hash($password) { $salt = uniqid(); $algorithm = '6'; // CRYPT_SHA512 $rounds = '1234'; // This is the "salt" string we give to crypt(). $cryptSalt = '$' . $algorithm . '$rounds=' . $rounds . '$' . $salt; $hashedPassword = crypt($password, $cryptSalt); return $hashedPassword; } function hash_is_valid($password, $hash) { return (crypt($password, $hash) == $hash); } 使用上述PHP函数进行工作testing:
echo $password = 'secret'; echo '<br /><br />'; echo $hash = create_hash($password); echo '<br /><br />'; echo 'Should be true: '; $valid1 = hash_is_valid($password, $hash); var_dump($valid1); // outputs "bool(true)" echo '<br /><br />'; echo 'Should be false: '; $valid2 = hash_is_valid('wrong_pass', $hash); var_dump($valid2); // outputs "bool(false)" echo '<br /><br />';
Javascript版本(损坏)
这是我到目前为止,但它不是那里
function hash_is_valid(password, hash, cb) { // Hash Format: // $[algorithm]$[number_of_rounds]$[salt]$[hashed_password] let hashParts = hash.split('$') console.log(hashParts) let salt = hashParts[3] let numRounds = parseInt(hashParts[2].substr(7)) // from string like rounds=1234 let originalHashResult = hashParts[4] let salted = password + '{' + salt + '}' let processedHash = crypto.createHash('sha512').update(salted, 'utf-8'); for (let i = 1; i < numRounds ; i++) { processedHash = crypto.createHash('sha512').update(processedHash.digest('binary') + salted); } processedHash = processedHash.digest('base64') // Capture the result let hashVerified = (processedHash === originalHashResult) // Call the callback with the result cb(hashVerified) } hash_is_valid('secret', '$6$rounds=1234$56ab50921c460$P4bgd3kMX2xyWJTDOYAdow.jsXiS2TARUJW4BXifgm4czraOIDFLqZ5Ii50GLIKwYTjWwN6WrtG82omQes0cK0', (passed) => { console.log((passed) ? 'password is good' : 'password is no good') })
基于回答这个问题的JavaScript 如何使用nodejsvalidationSymfony2 sha512密码
JavaScript版本正在使用一些testing值:
密码: secret
哈希: $6$rounds=1234$56ab50921c460$P4bgd3kMX2xyWJTDOYAdow.jsXiS2TARUJW4BXifgm4czraOIDFLqZ5Ii50GLIKwYTjWwN6WrtG82omQes0cK0
你可以使用crypt3 NPM包来完成这个工作:
var crypt = require('crypt3'), password = 'secret', hash = '$6$rounds=1234$56abadac833a5$fQIaUG/da/KqlJc5DzCIym/PL.ZhEdw5VOZsw7mofkm.3aE2rZ/rjDCczymRbj1V3rF6lzJO7DR1WOd2ZnC6O.'; function hash_is_valid(password, hash) { return hash === crypt(password, hash); } console.log(hash_is_valid(password, hash)); // true
PHP的crypt函数和NPM的crypt3包都委托给crypt(3),所以给出相同的数据,应该产生相同的结果。