Question
Some developers need to move storage from parse.com to other servers.
When I exported my data from Parse, I got JSON data. This JSON data has encrypted passwords (bcrypt) like:
$2a$10$pcR4SaZd3PMD/nXQKMssxupMLncDoFwfU7avg/wdpLVChNqGOXbLu
I am trying to understand how to check a user's password in this case.
I am using jBCrypt like this:

    import org.mindrot.jbcrypt.BCrypt;

    public class Main {
        public static void main(String[] args) {
            String candidate = "$2a$10$pcR4SaZd3PMD/nXQKMssxupMLncDoFwfU7avg/wdpLVChNqGOXbLu";
            String password = "123";
            String hashed = BCrypt.hashpw(password, BCrypt.gensalt());
            if (BCrypt.checkpw(candidate, hashed)) {
                System.out.println("It matches");
            } else {
                System.out.println("It does not match");
            }
        }
    }

In this case the passwords don't match. But if we go to https://www.dailycred.com/article/bcrypt-calculator and try to use the BCrypt Tester with the hashed and candidate strings and the "123" password, it's all OK.
How can I check whether a user's password matches the bcrypt string or not?
Answer 1:
BCrypt.checkpw() takes a plain text password as its first parameter, and will then hash it and compare it to the second parameter (docs); in your case you're giving it an already hashed password as its first parameter, which it will then hash again, hence it not matching.
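
The check described in the answer, as an added example that is not part of the original question or answer: the plaintext typed at login goes first and the stored bcrypt string from the export goes second. The class name, the `verify` and `cost` helpers, and the sample password are hypothetical; the stored hash is generated at run time as a constructed stand-in for an exported record, and only the `$2a$` layout shown in the question is accepted.

```java
import org.mindrot.jbcrypt.BCrypt;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class ImportedHashCheck {
    // Layout of a bcrypt string: $2a$<2-digit cost>$<22-char salt><31-char digest>
    private static final Pattern BCRYPT =
            Pattern.compile("^\\$2a\\$(\\d{2})\\$[./A-Za-z0-9]{53}$");

    /** True only if the plaintext typed at login matches the stored bcrypt string. */
    static boolean verify(String plaintext, String storedHash) {
        if (plaintext == null || storedHash == null
                || !BCRYPT.matcher(storedHash).matches()) {
            return false; // malformed record: reject instead of letting checkpw throw
        }
        // Argument order matters: plaintext first, stored hash second.
        return BCrypt.checkpw(plaintext, storedHash);
    }

    /** Cost factor embedded in the stored string, or -1 if it is not a $2a$ hash. */
    static int cost(String storedHash) {
        Matcher m = BCRYPT.matcher(storedHash == null ? "" : storedHash);
        return m.matches() ? Integer.parseInt(m.group(1)) : -1;
    }

    public static void main(String[] args) {
        // Constructed sample standing in for one exported record.
        String password = "correct horse";
        String stored = BCrypt.hashpw(password, BCrypt.gensalt(10));

        System.out.println(verify(password, stored));        // right password
        System.out.println(verify("wrong guess", stored));   // wrong password
        System.out.println(verify(stored, stored));          // hash passed as plaintext
        System.out.println(verify(password, "not-a-hash"));  // corrupt record
        System.out.println(cost(stored));                    // cost read from the string
    }
}
```

The stored string already carries its own salt and cost, so the imported value is passed to `checkpw` unchanged and no new salt is generated at login.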
Source: https://stackoverflow.com/questions/35523233/how-to-check-bcrypt-password-using-jbcrypt-move-storage-from-parse-com-to-fire