
If I change my server, can bcrypt remember the salt and decrypt the password? How can it do that?

I want to deploy my program to another server. Can my script decrypt all the passwords of my customers in the database correctly?

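// old server
const bcrypt = require("bcrypt");
const salt = bcrypt.genSaltSync();                  // random salt, new for every hash
const password = bcrypt.hashSync("password", salt); // string that is stored in the database

// new server
// compareSync takes the plaintext candidate first, then the stored hash string
const auth = bcrypt.compareSync("password", password);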

How can bcrypt decrypt passwords with a variable "salt" that is generated randomly?

BCrypt hashes are stored in one of two forms.

The more common is Modular Crypt Format and has the form...

$2y$10$kV7kssmFuFOydBewIp9ele8GMkWGDPpte6jGGDAabpsBmxtzWxfZW

Where:

  • $ is a delimiter
  • 2 indicates the algorithm is BCrypt
  • y is the version of BCrypt
  • 10 is the cost
  • kV7kssmFuFOydBewIp9ele is the salt
  • 8GMkWGDPpte6jGGDAabpsBmxtzWxfZW is the hash.

A more modern alternative is PHC string format which makes it more obvious which parts correspond to which values:

$bcrypt$v=98$r=10$cIF1Ev2ATA6/iYv4kddXCQ$qcrDoGjsiB2eLq1/vCZWiAZ8bEs4+Qs

In both cases, the string persisted to your database contains everything necessary to compare a candidate password: the hash, the salt, the cost, the algorithm's name, and its version.
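
The field layout described in the answer above, as an added example that is not part of the original post or of the bcrypt package: a parser for the Modular Crypt Format string that recovers the version, cost and 16-byte salt, plus a cost-policy check. The names `parseBcryptMcf`, `decodeBcryptBase64` and `needsRehash` are hypothetical, and only the MCF form is handled, not the PHC form.

```javascript
// Added example: split a stored bcrypt MCF string into its fields (Node.js).
const BCRYPT_ALPHABET =
  "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
// $<version>$<2-digit cost>$<22-char salt><31-char hash>
const MCF_RE = /^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

// bcrypt packs bits like standard base64 but uses its own alphabet and no padding.
function decodeBcryptBase64(text, byteCount) {
  const out = [];
  let acc = 0;
  let bits = 0;
  for (const ch of text) {
    const v = BCRYPT_ALPHABET.indexOf(ch);
    if (v < 0) throw new Error("invalid bcrypt base64 character");
    acc = (acc << 6) | v;
    bits += 6;
    if (bits >= 8) {
      bits -= 8;
      out.push((acc >> bits) & 0xff);
      acc &= (1 << bits) - 1; // keep only the bits not yet emitted
    }
  }
  return Buffer.from(out.slice(0, byteCount));
}

function parseBcryptMcf(stored) {
  const m = MCF_RE.exec(stored);
  if (!m) return null; // not a well-formed 60-character bcrypt string
  const cost = Number(m[2]);
  if (cost < 4 || cost > 31) return null; // outside bcrypt's valid cost range
  return {
    version: m[1],
    cost,
    salt: m[3],
    saltBytes: decodeBcryptBase64(m[3], 16), // the salt is 128 bits
    hash: m[4],
  };
}

// Hypothetical policy helper: flag stored strings that are malformed or whose
// cost is below the current minimum, so they can be re-hashed at next login.
function needsRehash(stored, minCost) {
  const parsed = parseBcryptMcf(stored);
  return parsed === null || parsed.cost < minCost;
}

// Sample string taken from the answer above.
const SAMPLE = "$2y$10$kV7kssmFuFOydBewIp9ele8GMkWGDPpte6jGGDAabpsBmxtzWxfZW";
console.log(parseBcryptMcf(SAMPLE), needsRehash(SAMPLE, 12));
```

Because the salt and cost travel inside the stored string, moving the database to another server needs no separate salt storage; the same check can be run over migrated rows to spot truncated or low-cost hashes.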
