
Migrate SHA1 Salted Hashes To Be Encrypted by Bcrypt

I have an old application (built on .Net C#) that includes a Users table with hashed passwords sha1(password . salt), and I need to migrate this data safely to my new Rails application (which is already encrypting passwords using the bcrypt-ruby gem). I'm looking for the best solution for this issue, but avoiding the following kinds of solutions:

  1. Reset all current users' passwords and force them to go through the 'Forgot password' procedure.
  2. Use any kind of plain-text password (even temporarily, e.g. while a user logs in to my new application for the first time).
  3. Use the same SHA1 encryption procedure in the Rails app as well (I need to use BCrypt instead).

I think the best approach (as I've read) is to let users log into my new app using their old passwords (and I don't know how to do this), then encrypt their passwords (with BCrypt) and follow the same password encryption procedure as for newly registered users in the Rails app.

I'd appreciate any suggested solutions to this issue.

You're on the right track. You need to...

  • Add a sha1_password field to your Users table in the Rails app.
  • Modify the authentication to...
    • Check their bcrypt password if it's present.
    • Check sha1_password if their new bcrypt password field is blank.
    • If there's a match, you know they are migrating, and you have their plain text password as well.
    • Set their crypt password field.
  • The end.

This will allow your users to migrate over time. Then at some point you decide you're going to make the rest go the 'reset password' route, or at least start annoying them with email, and eventually cut over to bcrypt completely.
