我应该使用什么列类型/长度来在数据库中存储 Bcrypt 哈希密码?
我想在数据库中存储散列密码(使用 BCrypt).什么是好的类型,哪个是正确的长度?使用 BCrypt 散列的密码是否总是长度相同?
I want to store a hashed password (using BCrypt) in a database. What would be a good type for this, and which would be the correct length? Are passwords hashed with BCrypt always of same length?
编辑
示例哈希:
$2a$10$KssILxWNR6k62B7yiX0GAe2Q7wwHlrzhF3LqtVvpyvHZf0MwvNfVu
在对一些密码进行散列后,BCrypt 似乎总是生成 60 个字符的散列.
After hashing some passwords, it seems that BCrypt always generates 60 character hashes.
编辑 2
抱歉没有提到实现.我正在使用 jBCrypt.
Sorry for not mentioning the implementation. I am using jBCrypt.
推荐答案
bcrypt 的模块化 crypt 格式包括
The modular crypt format for bcrypt consists of
$2$、$2a$或$2y$标识 散列算法和格式- 表示成本参数的两位数值,后跟
$ - 一个 53 个字符长的 base-64 编码值(它们使用字母
.、/、0–9,A–Z,a–z与标准 Base 64 编码 字母表)包括:- salt 的 22 个字符(实际上只有 132 个解码位中的 128 个位)
- 31 个字符的加密输出(实际上只有 186 个解码位中的 184 个位)
$2$,$2a$or$2y$identifying the hashing algorithm and format- a two digit value denoting the cost parameter, followed by
$ - a 53 characters long base-64-encoded value (they use the alphabet
.,/,0–9,A–Z,a–zthat is different to the standard Base 64 Encoding alphabet) consisting of:- 22 characters of salt (effectively only 128 bits of the 132 decoded bits)
- 31 characters of encrypted output (effectively only 184 bits of the 186 decoded bits)
因此总长度分别为 59 或 60 字节.
Thus the total length is 59 or 60 bytes respectively.
当您使用 2a 格式时,您将需要 60 个字节.因此对于 MySQL,我建议使用
CHAR(60) BINARY或BINARY(60)(参见 _bin 和 binary 排序规则 以了解区别).As you use the 2a format, you’ll need 60 bytes. And thus for MySQL I’ll recommend to use the
CHAR(60) BINARYorBINARY(60)(see The _bin and binary Collations for information about the difference).CHAR不是二进制安全的,相等性不仅取决于字节值,还取决于实际的排序规则;在最坏的情况下,A被视为等于a.参见_bin和 <代码>二进制排序规则了解更多信息.CHARis not binary safe and equality does not depend solely on the byte value but on the actual collation; in the worst caseAis treated as equal toa. See The_binandbinaryCollations for more information.
相关文章