堆栈内存溢出
  简体   繁体   English

如何在具有相同数据库的Java和Node.js中生成哈希和盐

[英]How do I generate hash and salt in java and nodejs with the same database

 原文  2014-01-21 08:41:31       java/ node.js/ mongodb/ hash/ salt

问题描述

we are using one db(mongo) for our mobile(nodejs) and desktop(java) application. 我们正在为移动(nodejs)和桌面(java)应用程序使用一个db(mongo)。

The problem is, we want to use a different login/signup rest services for both app. 问题是,我们要为两个应用程序使用不同的登录/注册休息服务。 Right now, our signup module is implemented only in java(encryption). 现在,我们的注册模块仅在java(encryption)中实现。 We create a salt using SecureRandom library of java, put in in the db then use it to generate the password hash. 我们使用Java的SecureRandom库创建一个salt,将其放入db中,然后使用它生成密码哈希。 Then when the user logs in, we just get the user's salt(assuming it exist) and then generate again a hash password using the salt from the db then compare the generated hash password in the database. 然后,当用户登录时,我们仅获取用户的salt(假设存在),然后使用来自数据库的salt再次生成哈希密码,然后在数据库中比较生成的哈希密码。

The problem is in nodejs, I can't find any modules/libraries that will generate an exact salt like the one generated in java. 问题出在nodejs中,我找不到任何可以像Java中生成的那样生成精确盐的模块/库。

I need to hash the unencrypted password in nodejs then compare it to the hashed password in the db that was generated in java. 我需要对nodejs中未加密的密码进行哈希处理,然后将其与Java中生成的db中的哈希密码进行比较。

How do I approach this problem? 我该如何解决这个问题? Any help would be much appreciated. 任何帮助将非常感激。 Thanks. 谢谢。

2 个解决方案

解决方案1
 3  2014-01-21 09:48:59

There is no need to create exact the same salt because a salt is only created once and then stored somewhere. 无需创建完全相同的盐,因为盐仅创建一次,然后存储在某个位置。 All others have to use this salt. 所有其他人都必须使用这种盐。 So if node.js has a different salt creation (ie Math.random() ) that is ok, because 因此,如果node.js具有不同的盐创建方式(即Math.random() ),那是可以的,因为

  • you create the salt normally only on one side of the river 你通常只在河的一侧创造盐
  • if you create it on both sides the other one has to use it anyway 如果您在两边都创建它,则另一边还是要使用它

What you need is the same hashing mechanism ! 您需要的是相同的哈希机制 This should be easy, because there are plenty implementations of various hashing algorythms in Java and node.js that are compatible to each other (ie md5 or sha3). 这应该很容易,因为Java和node.js中有很多相互兼容的哈希算法(例如md5或sha3)实现。

解决方案2
 2  2014-01-21 09:52:08

The problem is in nodejs, I can't find any modules/libraries that will generate an exact salt like the one generated in java. 问题出在nodejs中,我找不到任何可以像Java中生成的那样生成精确盐的模块/库。

If you would find a way to generate two exactly same salts in different times then it would beat the purpose of salting because best salts are as random as possible. 如果您找到在不同时间生成两种完全相同的盐的方法,那么它将超出盐化的目的,因为最好的盐尽可能地是随机的。 What you need to do is fetch the salt from the database where Java strored it and use the fetched salt to perform hashing. 您需要做的是从Java对其进行存储的数据库中获取盐,并使用所获取的盐来执行哈希。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在Java中为Salted-Hash生成SALT? - How do I generate a SALT in Java for Salted-Hash? 使用Java使用bCrypt加密密码后,如何从哈希中分离出盐? - How Do I Separate The Salt from the Hash After Encrypting a Password with bCrypt using Java? 如何使用密码和盐进行AES加密,使得我只能在Java中使用相同的密码和盐进行解密 - How can I do an AES encryption using a password and a salt in such a way that I can decrypt using only that same password and salt in Java 如何在Java中生成SALT值? - How to generate SALT value in Java? 如何在Java中使用哈希sha256生成哈希代码? - How do I generate a hash code with hash sha256 in java? 如何使用命令行生成带有盐的sha512哈希? - How to generate sha512 hash with a salt using command line? 如何使用PBKDF2在Java和Ruby中生成相同的安全哈希 - How can I generate the same secure hash in Java and Ruby using PBKDF2 如何在Java中创建哈希表? - How do I create a hash table in Java? 如何在Java中生成MD5 hash? - How can I generate an MD5 hash in Java? 我如何证明 Object.hashCode() 可以为 Java 中的两个不同对象生成相同的哈希码? - How do I prove that Object.hashCode() can produce same hash code for two different objects in Java?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM