bcrypt哈希密码可以转换为SHA2吗?
[英]Can a bcrypt hashed password be converted to SHA2?
问题描述
I have two applications that use different ways to hash the users password. 
我有两个使用不同方式对用户密码进行哈希处理的应用程序。 I want to syncronize these applications so that the user is allowed to login with the same user credentials. 我想同步这些应用程序,以便允许用户使用相同的用户凭据登录。
Is it possible to convert a bcrypt password to SHA2? 是否可以将bcrypt密码转换为SHA2?
1 个解决方案
解决方案1
-1 2017-04-02 15:11:06
Bcrypt and SHA-256 is a one-way hashing algorithm, you can't decrypt hashes (without brute-forcing). Bcrypt和SHA-256是一种单向哈希算法,您不能解密哈希(没有强制破解)。 You cannot do a bulk password change. 您无法更改批量密码。 However, it is still possible to convert your database from one algorithm to another. 但是,仍然可以将数据库从一种算法转换为另一种算法。 Here's how: 这是如何做:
Each time a user is logged into your website, compare if the supplied password matches the hash saved in your database.
每次用户登录到您的网站时,请比较提供的密码是否与数据库中保存的哈希匹配。 If there is a match, then take the supplied password which would probably be in $_POST['password'] and then hash it to your destination algorithm like
hash('mypassword', 'mypassword');如果匹配,则使用提供的密码(可能在$ _POST ['password']中),然后将其哈希到目标算法,例如hash('mypassword', 'mypassword');
That's the only way you would be able to convert those hashed password. 这是您能够转换这些哈希密码的唯一方法。
In previous version of WordPress, they used to store passwords as hashed MD5. 在WordPress的早期版本中,他们曾经将密码存储为哈希MD5。 They have now introduced a new password algorithm and that how it works to convert old MD5 password hashes when you upgrade. 他们现在介绍了一种新的密码算法,以及该算法如何在升级时转换旧的MD5密码哈希。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.