I want to deploy my program to another server,my script can decrypt all passwords of my customers in database correctly?
//old server
const bcrypt = require("bcrypt");
const salt = bcrypt.genSalt();
password = bcrypt.hash("password", salt);
//new server
const auth = bcrypt.compare(password, "password")
How can bcrypt decrypt passwords with a variable "salt" that is generated randomly?
BCrypt hashes are stored in one of two forms.
The more common is Modular Crypt Format and has the form...
$2y$10$kV7kssmFuFOydBewIp9ele8GMkWGDPpte6jGGDAabpsBmxtzWxfZW
Where:
$
is a delimiter 2
indicates the algorithm is BCrypt y
is the version of BCrypt kV7kssmFuFOydBewIp9ele
is the salt 8GMkWGDPpte6jGGDAabpsBmxtzWxfZW
is the hash. A more modern alternative is PHC string format which makes it more obvious which parts correspond to which values:
$bcrypt$v=98$r=10$cIF1Ev2ATA6/iYv4kddXCQ$qcrDoGjsiB2eLq1/vCZWiAZ8bEs4+Qs
In both cases, the string persisted to your database contains everything necessary to compare a candidate password: The hash, the salt, and the cost, the algorithm's name, and its version.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.