[英]How do I generate hash and salt in java and nodejs with the same database
we are using one db(mongo) for our mobile(nodejs) and desktop(java) application. 我们正在为移动(nodejs)和桌面(java)应用程序使用一个db(mongo)。
The problem is, we want to use a different login/signup rest services for both app. 问题是,我们要为两个应用程序使用不同的登录/注册休息服务。 Right now, our signup module is implemented only in java(encryption). 现在,我们的注册模块仅在java(encryption)中实现。 We create a salt using SecureRandom library of java, put in in the db then use it to generate the password hash. 我们使用Java的SecureRandom库创建一个salt,将其放入db中,然后使用它生成密码哈希。 Then when the user logs in, we just get the user's salt(assuming it exist) and then generate again a hash password using the salt from the db then compare the generated hash password in the database. 然后,当用户登录时,我们仅获取用户的salt(假设存在),然后使用来自数据库的salt再次生成哈希密码,然后在数据库中比较生成的哈希密码。
The problem is in nodejs, I can't find any modules/libraries that will generate an exact salt like the one generated in java. 问题出在nodejs中,我找不到任何可以像Java中生成的那样生成精确盐的模块/库。
I need to hash the unencrypted password in nodejs then compare it to the hashed password in the db that was generated in java. 我需要对nodejs中未加密的密码进行哈希处理,然后将其与Java中生成的db中的哈希密码进行比较。
How do I approach this problem? 我该如何解决这个问题? Any help would be much appreciated. 任何帮助将非常感激。 Thanks. 谢谢。
There is no need to create exact the same salt because a salt is only created once and then stored somewhere. 无需创建完全相同的盐,因为盐仅创建一次,然后存储在某个位置。 All others have to use this salt. 所有其他人都必须使用这种盐。 So if node.js has a different salt creation (ie Math.random()
) that is ok, because 因此,如果node.js具有不同的盐创建方式(即Math.random()
),那是可以的,因为
What you need is the same hashing mechanism ! 您需要的是相同的哈希机制 ! This should be easy, because there are plenty implementations of various hashing algorythms in Java and node.js that are compatible to each other (ie md5 or sha3). 这应该很容易,因为Java和node.js中有很多相互兼容的哈希算法(例如md5或sha3)实现。
The problem is in nodejs, I can't find any modules/libraries that will generate an exact salt like the one generated in java. 问题出在nodejs中,我找不到任何可以像Java中生成的那样生成精确盐的模块/库。
If you would find a way to generate two exactly same salts in different times then it would beat the purpose of salting because best salts are as random as possible. 如果您找到在不同时间生成两种完全相同的盐的方法,那么它将超出盐化的目的,因为最好的盐尽可能地是随机的。 What you need to do is fetch the salt from the database where Java strored it and use the fetched salt to perform hashing. 您需要做的是从Java对其进行存储的数据库中获取盐,并使用所获取的盐来执行哈希。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.