If I change my server, can bcrypt remember the salt and decrypt the password? How can it do that?

Time:01-08

I want to deploy my program to another server. Can my script decrypt all the passwords of my customers in the database correctly?

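// old server
const bcrypt = require("bcrypt");
const salt = bcrypt.genSaltSync();                   // random salt, new for every password
const password = bcrypt.hashSync("password", salt);  // this string is what gets stored

// new server
// argument order is (plaintext candidate, stored hash string)
const auth = bcrypt.compareSync("password", password);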

How can bcrypt decrypt passwords with a variable "salt" that is generated randomly?

CodePudding user response:

BCrypt hashes are stored in one of two forms.

The more common is Modular Crypt Format and has the form...

$2y$10$kV7kssmFuFOydBewIp9ele8GMkWGDPpte6jGGDAabpsBmxtzWxfZW

Where:

  • $ is a delimiter
  • 2 indicates the algorithm is BCrypt
  • y is the version of BCrypt
  • 10 is the cost
  • kV7kssmFuFOydBewIp9ele is the salt
  • 8GMkWGDPpte6jGGDAabpsBmxtzWxfZW is the hash.

A more modern alternative is PHC string format which makes it more obvious which parts correspond to which values:

$bcrypt$v=98$r=10$cIF1Ev2ATA6/iYv4kddXCQ$qcrDoGjsiB2eLq1/vCZWiAZ8bEs4 Qs

In both cases, the string persisted to your database contains everything necessary to compare a candidate password: the hash, the salt, the cost, the algorithm's name, and its version.
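An added example, not part of the answer above: it splits the Modular Crypt Format string quoted in the answer into its fields and decodes the salt, showing that the stored string carries everything a new server needs to compare a password. The names `parseBcryptMcf` and `bcryptB64Decode` are hypothetical helpers written for this illustration, using only Node.js built-ins rather than the `bcrypt` package.

```javascript
"use strict";

// bcrypt uses its own base64 alphabet (not the RFC 4648 one), without padding.
const BCRYPT_B64 =
  "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

// Decode bcrypt base64 text to bytes; trailing bits short of a byte are dropped.
function bcryptB64Decode(text) {
  const bytes = [];
  let acc = 0;
  let bits = 0;
  for (const ch of text) {
    const v = BCRYPT_B64.indexOf(ch);
    if (v < 0) throw new Error(`invalid bcrypt base64 character: ${ch}`);
    acc = (acc << 6) | v;
    bits += 6;
    if (bits >= 8) {
      bits -= 8;
      bytes.push((acc >> bits) & 0xff);
      acc &= (1 << bits) - 1; // keep only the bits not yet emitted
    }
  }
  return Buffer.from(bytes);
}

// Split "$<id>$<cost>$<22-char salt><31-char hash>" into its parts.
function parseBcryptMcf(stored) {
  const m = /^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/.exec(stored);
  if (!m) throw new Error("not a bcrypt Modular Crypt Format string");
  const cost = Number(m[2]);
  if (cost < 4 || cost > 31) throw new Error(`cost out of range: ${cost}`);
  return {
    identifier: m[1],                 // algorithm and version, e.g. "2y"
    cost,                             // work factor as stored
    rounds: 2 ** cost,                // key-expansion iterations implied by the cost
    salt: m[3],                       // salt exactly as stored in the string
    saltBytes: bcryptB64Decode(m[3]), // the 16 raw salt bytes
    hash: m[4],                       // the password hash itself
  };
}

// The string from the answer above, as it would be read back from the database.
const fields = parseBcryptMcf(
  "$2y$10$kV7kssmFuFOydBewIp9ele8GMkWGDPpte6jGGDAabpsBmxtzWxfZW"
);
console.log(fields);
```

Nothing here recovers the password: comparison re-hashes the candidate with the stored salt and cost and checks that the result matches the stored hash.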
