[英]How do I replicate this PHP hashing implementation in Node.js?
我正在尝试在 node.js (LTS latest--14.x) 中重新创建密码散列实现,该实现最初是用 PHP (7.2) 编写的。 我相信我编写的 node.js 实现应该做同样的事情; 但是,node.js 在循环中第一次通过 hash 后会有所不同。 我在这里想念什么?
PHP 实现(我无法更改它,因为它是 web 框架的一部分,并且现有的身份验证依赖于保持不变的散列机制):
$algo = "sha512";
$salt = "someSalt";
$password = 'somePassword';
$count = 32768;
$hash = hash($algo, $salt . $password, TRUE);
// $hash is the same as in the corresponding line in the node.js implementation
do {
$hash = hash($algo, $hash . $password, TRUE);
// $hash differs from the node.js implementation after the first pass here... why?
} while (--$count);
Node.js 实现:
const crypto = require('crypto');
const algorithm = 'sha512';
const salt = 'someSalt';
const password = 'somePassword';
let count = 32768;
let hash = crypto
.createHash(algorithm)
.update(salt + password)
.digest('binary');
// hash is the same as in the PHP implementation here
do {
hash = crypto.createHash(algorithm).update(hash + password).digest('binary');
// hash differs between the two implementations after the first pass here... why?
} while (--count);
编辑:更新以显示原始 Node.js 实现,其中我没有对传递给update()
的数据进行字符串化。
扩展我的评论是我认为以下可能有效。
节点:
const crypto = require('crypto');
const algorithm = 'sha512';
const salt = 'someSalt';
const password = 'somePassword';
let count = 32768;
let hash = crypto
.createHash(algorithm)
.update(String(salt) + String(password))
.digest('hex');
// hash is the same as in the PHP implementation here
do {
hash = crypto.createHash(algorithm).update(String(hash) + String(password)).digest('hex');
// hash differs between the two implementations after the first pass here... why?
} while (--count);
console.log(hash);
PHP 代码:
$algo = "sha512";
$salt = "someSalt";
$password = 'somePassword';
$count = 32768;
$hash = bin2hex(hash($algo, $salt . $password, TRUE));
// $hash is the same as in the corresponding line in the node.js implementation
do {
$hash = bin2hex(hash($algo, $hash . $password, TRUE));
// $hash differs from the node.js implementation after the first pass here... why?
} while (--$count);
var_dump($hash);
用来自 NODE 的 output 确认了我的发现:
node nodeTest.js
df8202221e5cbff38c16a33945efa8dcb44d0e7267cdf1514cefffb3df321f69ad1d9b01cfb6360391f1de4791e26a179fd165248b4b75699cb2d3395c971351
PHP output:
php test.php
string(128) "df8202221e5cbff38c16a33945efa8dcb44d0e7267cdf1514cefffb3df321f69ad1d9b01cfb6360391f1de4791e26a179fd165248b4b75699cb2d3395c971351"
在循环中进行散列时,我必须将'binary'
传递给update()
,因为提供的数据是二进制的。
// The data being passed to update() here is string (update defaults to utf-8, I believe).
let hash = crypto
.createHash(algorithm)
.update(salt + password)
.digest('binary');
do {
// The data being passed to update() is binary.
hash = crypto.createHash(algorithm).update(hash + password, 'binary').digest('binary');
} while (--count);
信用:@Topaco 为我的问题找到解决方案!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.