我正在使用bcryptnodejs 模块。
我对加密和比较密码感到满意,但似乎无法解密。
我想知道:
- 您如何使用 nodejs 加密/解密密码(您使用的是哪个模块或方法)?
- 是否有解密
bcrypt模块编码的密码的技巧?
谢谢 !
问问题
37849 次
2 回答
15
You don't decrypt passwords with bcrypt -- it's a one-way algorithm. What you do is store the hash of the original (salted) password. Then you hash the (salted) guess. If the hashes match, then the guess is correct.
Fortunately, the node-bcrypt library does all of this for you, so you only need to provide the plaintext guess and the hash (from the database).
For example, you might do this:
// "password"; usually stored in the database in the user's row.
var stored_hash = '$2a$10$vxliJ./aXotlnxS9HaJoXeeASt48.ddU7sHNOpXC/cLhgzJGdASCe'
bcrypt.compare(guess, stored_hash, function(err, res) {
});
于 2013-02-14T09:54:50.290 回答
1
更好的方法是使用此节点模块https://github.com/davidwood/node-password-hash,它可以加密您的密码并允许使用实际密码验证加密版本。
于 2013-02-14T12:34:47.123 回答