我应该使用什么列类型/长度来在数据库中存储 Bcrypt 哈希密码?
我想在数据库中存储散列密码(使用 BCrypt).什么是好的类型,哪个是正确的长度?使用 BCrypt 散列的密码是否总是长度相同?
I want to store a hashed password (using BCrypt) in a database. What would be a good type for this, and which would be the correct length? Are passwords hashed with BCrypt always of same length?
编辑
示例哈希:
$2a$10$KssILxWNR6k62B7yiX0GAe2Q7wwHlrzhF3LqtVvpyvHZf0MwvNfVu
在对一些密码进行散列后,BCrypt 似乎总是生成 60 个字符的散列.
After hashing some passwords, it seems that BCrypt always generates 60 character hashes.
编辑 2
抱歉没有提到实现.我正在使用 jBCrypt.
Sorry for not mentioning the implementation. I am using jBCrypt.
推荐答案
bcrypt 的模块化 crypt 格式包括
The modular crypt format for bcrypt consists of
$2$
、$2a$
或$2y$
标识 散列算法和格式- 表示成本参数的两位数值,后跟
$
- 一个 53 个字符长的 base-64 编码值(它们使用字母
.
、/
、0
–9
,A
–Z
,a
–z
与标准 Base 64 编码 字母表)包括:- salt 的 22 个字符(实际上只有 132 个解码位中的 128 个位)
- 31 个字符的加密输出(实际上只有 186 个解码位中的 184 个位)
$2$
,$2a$
or$2y$
identifying the hashing algorithm and format- a two digit value denoting the cost parameter, followed by
$
- a 53 characters long base-64-encoded value (they use the alphabet
.
,/
,0
–9
,A
–Z
,a
–z
that is different to the standard Base 64 Encoding alphabet) consisting of:- 22 characters of salt (effectively only 128 bits of the 132 decoded bits)
- 31 characters of encrypted output (effectively only 184 bits of the 186 decoded bits)
因此总长度分别为 59 或 60 字节.
Thus the total length is 59 or 60 bytes respectively.
当您使用 2a 格式时,您将需要 60 个字节.因此对于 MySQL,我建议使用
CHAR(60) BINARY
或BINARY(60)
(参见 _bin 和 binary 排序规则 以了解区别).As you use the 2a format, you’ll need 60 bytes. And thus for MySQL I’ll recommend to use the
CHAR(60) BINARY
orBINARY(60)
(see The _bin and binary Collations for information about the difference).CHAR
不是二进制安全的,相等性不仅取决于字节值,还取决于实际的排序规则;在最坏的情况下,A
被视为等于a
.参见_bin
和 <代码>二进制排序规则了解更多信息.CHAR
is not binary safe and equality does not depend solely on the byte value but on the actual collation; in the worst caseA
is treated as equal toa
. See The_bin
andbinary
Collations for more information.
相关文章