Home > Backend Development > Golang > How to simulate password hashing of pbkdf2-scala in Golang pbkdf2

How to simulate password hashing of pbkdf2-scala in Golang pbkdf2

PHPz
Release: 2024-02-06 10:30:08
forward
927 people have browsed it

如何在Golang pbkdf2中模拟pbkdf2-scala的密码哈希

问题内容

我们的应用程序使用库 securehash 对象来创建单向密码: https://github.com/nremond/pbkdf2-scala/blob/master/src/main/scala/io/github/nremond/securehash.scala

现在我的问题是我在 go 中的代码返回 -1 进行密码检查。

package main

import (
    "bytes"
    "crypto/rand"
    "crypto/sha512"
    "fmt"
    "golang.org/x/crypto/pbkdf2"
    "math/big"
    "strings"
)

func main() {
    iteration := 25000

    // Hash User input
    password := []byte("123")
    salt := "yCyQMMMBt1TuPa1F9FeKfT0yrNIF8tLB"
    key := pbkdf2.Key(password, []byte(salt), iteration, sha512.Size, sha512.New)

    // COMPARE PASSWORD fetched from DB
        // 123 hash in scala
    tokenS := strings.Split("$pbkdf2-sha512$25000$yCyQMMMBt1TuPa1F9FeKfT0yrNIF8tLB$TtQt5BZLs4qlA0YAkcGukZwu7pkxOLcxwuoQB3qNtxM", "$")
    passwordHashInDatabase := tokenS[4]
    out := bytes.Compare(key, []byte(passwordHashInDatabase))
    fmt.Println("out: ", out)
}
Copy after login


正确答案


您有几个问题:

  • 在将盐传递给 pbkdf2.key() 之前,您不会对盐进行 base64 解码,并且在将其与 pbkdf2.key() 的结果进行比较之前,您不会对从数据库获取的密钥进行 base64 解码。另请注意,scala 实现在 base64 解码/编码之前/之后进行了一些字符替换。这也需要在 go 实现中复制。

  • scala 实现中的 createhash() 方法有一个 dklength 参数,默认为 32。在 go 实现中,您提供的是 sha512.size 的结果,它是 64 并且不匹配。我知道使用了默认值,因为数据库中的值是 32 字节长。

这是一个仓促修复的实现:

package main

import (
    "bytes"
    "crypto/sha512"
    "encoding/base64"
    "fmt"
    "log"
    "strings"

    "golang.org/x/crypto/pbkdf2"
)

func b64decode(s string) ([]byte, error) {
    s = strings.replaceall(s, ".", "+")
    return base64.rawstdencoding.decodestring(s)
}

func main() {
    iteration := 25000

    // hash user input
    password := []byte("123")
    salt, err := b64decode("ycyqmmmbt1tupa1f9fekft0yrnif8tlb")
    if err != nil {
        log.fatal("failed to base64 decode the salt: %s", err)
    }
    key := pbkdf2.key(password, salt, iteration, 32, sha512.new)

    // compare password fetched from db
    // 123 hash in scala
    tokens := strings.split("$pbkdf2-sha512$25000$ycyqmmmbt1tupa1f9fekft0yrnif8tlb$ttqt5bzls4qla0yakcgukzwu7pkxolcxwuoqb3qntxm", "$")
    passwordhashindatabase, err := b64decode(tokens[4])
    if err != nil {
        log.fatal("failed to base64 decode password hash from the database: %s", err)
    }
    fmt.printf("%x\n%x\n", key, passwordhashindatabase)
    fmt.printf("%d\n%d\n", len(key), len(passwordhashindatabase))
    out := bytes.compare(key, passwordhashindatabase)
    fmt.println("out: ", out)
}
Copy after login

输出:

4ed42de4164bb38aa503460091c1ae919c2eee993138b731c2ea10077a8db713
4ed42de4164bb38aa503460091c1ae919c2eee993138b731c2ea10077a8db713
32
32
out:  0
Copy after login

去游乐场

The above is the detailed content of How to simulate password hashing of pbkdf2-scala in Golang pbkdf2. For more information, please follow other related articles on the PHP Chinese website!

source:stackoverflow.com
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template