堆栈内存溢出
  简体   繁体   English

使用nodejs检查symfony,fos用户加密的密码

[英]check symfony, fos-user encrypted password with nodejs

 原文  2018-01-04 07:33:21       php/ node.js/ symfony

问题描述

I need to validate a password in a Symfony 3.3 / FriendsOfSymfony UserBundle 1.3 application from an AWS Lambda function. 我需要通过AWS Lambda函数在Symfony 3.3 / FriendsOfSymfony UserBundle 1.3应用程序中验证密码。

The relevant password hashing code in Symfony is here https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Security/Core/Encoder/MessageDigestPasswordEncoder.php#L52 Symfony中的相关密码哈希码在此处https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Security/Core/Encoder/MessageDigestPasswordEncoder.php#L52

However the code doesn't produce the same hashes even at the first line. 但是,即使在第一行,代码也不会产生相同的哈希值。

In Symfony with password=test, salt=asLZCFQJ5flTtOWdphjKtpngthjK6h2FtMRSIZZ2bus 在使用密码= test的Symfony中,salt = asLZCFQJ5flTtOWdphjKtpngthjK6h2FtMRSIZZ2bus 

    $salted = $this->mergePasswordAndSalt($raw, $salt);
    $digest = hash($this->algorithm, $salted, true);

    //base64_encode($digest) == '2QhirHmPwt0O5MrtTdfWsWKCCeOQO/y02Di04/aUIJxWhdNDQSGCaUuL1ONLUasdsD88CBSIzGwsePqGTCcQmA=='

    // "stretch" hash
    for ($i = 1; $i < $this->iterations; ++$i) {
        $digest = hash($this->algorithm, $digest.$salted, true);
    }

With the same details in nodejs I get: 使用nodejs中的相同详细信息,我得到: 

    var pass='test';
    var salt='asLZCFQJ5flTtOWdphjKtpngthjK6h2FtMRSIZZ2bus';

    var salted = pass + '{' + salt + '}';

    var digest = sha512.update(salted).digest('binary');

    //new Buffer(digest).toString('base64') == 'w5kIYsKsecKPw4LDnQ7DpMOKw61Nw5fDlsKxYsKCCcOjwpA7w7zCtMOYOMK0w6PDtsKUIMKcVsKFw5NDQSHCgmlLwovDlMOjS1HCqx3CsD88CBTCiMOMbCx4w7rChkwnEMKY'
    for (var i = 1; i < 5000; ++i) {
        digest = require('crypto').createHash('sha512').update(digest + salted).digest('binary');

        process.stdout.write(new Buffer(digest).toString('base64')+"\n");
    }

or is this a character encoding problem? 还是这是字符编码问题? The first 3 characters of the binary hash look very similar in the debuggers. 二进制哈希的前三个字符在调试器中看起来非常相似。

Screenshot from PHPStorm PHPStorm的屏幕截图

PHPStorm的屏幕截图

Screenshot from WebStorm WebStorm的屏幕截图

WebStorm的屏幕截图

1 个解决方案

解决方案1
 0 已采纳  2018-01-09 09:11:26

I have resolved this by switching the encryption method to bcrypt. 我已通过将加密方法切换为bcrypt解决了此问题。 This answer describes how to check the resulting password: https://stackoverflow.com/a/26643637/123594 此答案描述了如何检查生成的密码: https : //stackoverflow.com/a/26643637/123594

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Symfony2 FOS用户密码检查回调约束 - Symfony2 FOS User password check callback constraint 对symfony2和fos用户进行多重检查 - Mutltiple check on symfony2 and fos User fos创建用户Symfony - fos create user Symfony Symfony 4的FOS用户 - FOS user for symfony 4 如何在 Symfony 4 中使用 fos 用户将用户迁移到新的密码哈希算法? - How to Migrate users to new password hashing algorithms with fos user in Symfony 4? Symfony fos_user在Laravel中捆绑编码密码 - Symfony到Laravel Migration - Symfony fos_user bundle encoded password in Laravel - Symfony to Laravel Migration Symfony FOS用户包启动 - Symfony FOS user bundle initiation 具有自定义用户的Symfony FOS OAuth - Symfony FOS OAuth with custom User 使用FOS User Bundle恢复密码 - Password recovery with FOS User bundle Symfony 3-如何通过bcrypt加密的密码对用户进行身份验证? - Symfony 3 - How to authenticate a user from a password encrypted by bcrypt?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM