使用 node.js 加密/解密密码
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/14871992/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
encrypt/decrypt passwords with node.js
提问by Ludo
I am working with the bcryptnodejs module.
我正在使用bcryptnodejs 模块。
I am satisfied with it to encrypt and compare passwords, but it seems impossible to decrypt it.
我很满意它可以加密和比较密码,但似乎无法解密它。
I am wondering:
我想知道:
- How do you encrypt/decrypt passwords with nodejs (which module or method are you using) ?
- Is there a trick to decrypt the passwords encoded with the
bcryptmodule ?
- 您如何使用 nodejs 加密/解密密码(您使用的是哪个模块或方法)?
- 是否有解密
bcrypt模块编码的密码的技巧?
Thanks !
谢谢 !
回答by Roger Lipscombe
You don't decrypt passwords with bcrypt -- it's a one-way algorithm. What you do is store the hash of the original (salted) password. Then you hash the (salted) guess. If the hashes match, then the guess is correct.
你不用 bcrypt 解密密码——它是一种单向算法。您所做的是存储原始(加盐)密码的哈希值。然后你散列(加盐的)猜测。如果散列匹配,则猜测是正确的。
For example, you might do this:
例如,您可以这样做:
// "password"
var stored_hash = 'a$vxliJ./aXotlnxS9HaJoXeeASt48.ddU7sHNOpXC/cLhgzJGdASCe'
bcrypt.compare(guess, stored_hash, function(err, res) {
});
Note that I've not salted this, so you'll need to do that.node-bcryptsalts the hash by default.
请注意,我没有加盐,所以你需要这样做。node-bcrypt默认情况下对哈希进行加盐。
回答by khurrum qureshi
Much better way of doing that is using this node module https://github.com/davidwood/node-password-hashwhich can encrypt your password and also allow to veify encrypted version with the actual one.
更好的方法是使用此节点模块https://github.com/davidwood/node-password-hash,它可以加密您的密码,还允许使用实际密码验证加密版本。
