Regular expression to find bcrypt hash?

后端 未结 4 1196
Happy的楠姐
Happy的楠姐 2021-02-12 22:26

I am looking to find bcrypt hash string using regex (in PowerGrep), in a database.

Tried this regex:

{?A-Za-z_0-9.{60}}?

But no match w

4条回答
  •  南笙
    南笙 (楼主)
    2021-02-12 23:00

    Just as an addition to the answer above from @stribizhev. The bcrypt hashes you might encounter out there in the wild come in a few varieties, so you may have to modify the regex to catch all of them. The variations are as follows:

    The "Algorithm Identifier" portion of the hash may include:

    • "2" - the first revision of BCrypt, which suffers from a minor security flaw and is generally not used anymore.

    • "2a" - some implementations suffered from a very rare security flaw.

    • "2y" - format specific to the crypt_blowfish BCrypt implementation, identical to "2a" in all but name.

    • "2b" - latest revision of the official BCrypt algorithm

    ^\$2[ayb]\$.{56}$
    

    seems to work for me

    see here for the breakdown of a bcrypt hash: Can someone explain how BCrypt verifies a hash?

提交回复
热议问题