比较Python生成的哈希与J中的原始密码时,salt修订无效

2024-04-20 13:01:29 发布

您现在位置:Python中文网/ 问答频道 /正文
8622 3

因此,我创建了一个存储用户信息及其哈希密码的数据库,该数据库使用一个使用bcrypt模块的Python脚本进行哈希处理。在

现在要使用我的Java客户机登录,我将使用IntelliJ项目中作为Maven依赖项包含的JBCrypt库。它检索哈希,数据库连接工作正常,唯一的问题是它抛出以下错误:

Exception in thread "AWT-EventQueue-0" java.lang.IllegalArgumentException: Invalid salt revision
    at org.mindrot.jbcrypt.BCrypt.hashpw(BCrypt.java:671)
    at org.mindrot.jbcrypt.BCrypt.checkpw(BCrypt.java:763)
    at mypackage.Login.validateUser(Login.java:81)
    at mypackage.Login.actionPerformed(Login.java:63)
    at java.desktop/javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:1967)
    at java.desktop/javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2308)
    at java.desktop/javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:405)
    at java.desktop/javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:262)
    at java.desktop/javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:269)
    at java.desktop/java.awt.Component.processMouseEvent(Component.java:6578)
    at java.desktop/javax.swing.JComponent.processMouseEvent(JComponent.java:3343)
    at java.desktop/java.awt.Component.processEvent(Component.java:6343)
    at java.desktop/java.awt.Container.processEvent(Container.java:2259)
    at java.desktop/java.awt.Component.dispatchEventImpl(Component.java:4961)
    at java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2317)
    at java.desktop/java.awt.Component.dispatchEvent(Component.java:4793)
    at java.desktop/java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4904)
    at java.desktop/java.awt.LightweightDispatcher.processMouseEvent(Container.java:4539)
    at java.desktop/java.awt.LightweightDispatcher.dispatchEvent(Container.java:4480)
    at java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2303)
    at java.desktop/java.awt.Window.dispatchEventImpl(Window.java:2758)
    at java.desktop/java.awt.Component.dispatchEvent(Component.java:4793)
    at java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:766)
    at java.desktop/java.awt.EventQueue.access$500(EventQueue.java:97)
    at java.desktop/java.awt.EventQueue$3.run(EventQueue.java:717)
    at java.desktop/java.awt.EventQueue$3.run(EventQueue.java:711)
    at java.base/java.security.AccessController.doPrivileged(Native Method)
    at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:89)
    at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:99)
    at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:739)
    at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:737)
    at java.base/java.security.AccessController.doPrivileged(Native Method)
    at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:89)
    at java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:736)
    at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:199)
    at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:124)
    at java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:113)
    at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:109)
    at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
    at java.desktop/java.awt.EventDispatchThread.run(EventDispatchThread.java:90)

检查代码如下:

^{pr2}$

编辑:Python模块脚本中哈希密码和原始密码的示例如下:

Raw:    zO/15;w|c'*uftH)
Hashed: $2b$12$7Y4ZmORuoH0dziYSg8dpd.PfvWQx2QPcoiRoGWg.HKfhuN6evEZnO

**编辑:**我注意到这是因为JBCrypt似乎不支持大于$2a哈希的任何内容。我找不到Python的bcrypt模块文档,因此无法确定是否可以在Python代码中使用$2a哈希。在


Tags: runbasecontainerjavaatcomponentsecuritydesktop
2条回答
网友
1楼 · 编辑于 2024-04-20 13:01:29

从源代码来看,异常似乎来自checking the format of the hashed password

    if (salt.charAt(0) != '$' || salt.charAt(1) != '2')
        throw new IllegalArgumentException ("Invalid salt version");
    if (salt.charAt(2) == '$')
        off = 3;
    else {
        minor = salt.charAt(2);
        if (minor != 'a' || salt.charAt(3) != '$')
            throw new IllegalArgumentException ("Invalid salt revision");
        off = 4;
    }

所以我的猜测是dbHash由于某种原因与格式不匹配。或者它是由不兼容的版本生成的。或者它实际上没有散列。或者是空的。在

网友
2楼 · 编辑于 2024-04-20 13:01:29

问题是JBCrypt的问题。它已过时(它只能验证$2a哈希。在

因此,为了解决这个问题,我不得不更改Python脚本来生成一个使用$2a前缀的salt:

Adjustable Prefix

Another one of bcrypt’s features is an adjustable prefix to let you define what libraries you’ll remain compatible with. To adjust this, pass either 2a or 2b (the default) to bcrypt.gensalt(prefix=b"2b") as a bytes object.

https://pypi.python.org/pypi/bcrypt/3.1.0

相关问题 更多 >

    编程相关推荐