如何在 MySQL 的 `encrypt` 函数中使用 `bcrypt` 算法来验证密码?
我有密码(qwe)的 bcrypted 值($2y$10$zQaDT8hXM4pLmBdwN0xEseda/oKJAQKMKMzUrV8jbs6Epz28BXzBS).但是当我验证时,我得到了错误的结果哈希值.
I have bcrypted value($2y$10$zQaDT8hXM4pLmBdwN0xEseda/oKJAQKMKMzUrV8jbs6Epz28BXzBS) of password (qwe). But when I am verifying I am getting wrong result hash value.
mysql> select '$2y$10$zQaDT8hXM4pLmBdwN0xEseda/oKJAQKMKMzUrV8jbs6Epz28BXzBS' = encrypt('qwe', '$2y$10$zQaDT8hXM4pLmBdwN0xEseda/oKJAQKMKMzUrV8jbs6Epz28BXzBS') as is_valid;
+----------+
| is_valid |
+----------+
| 0 |
+----------+
select encrypt('qwe', '$2y$10$zQaDT8hXM4pLmBdwN0xEseda/oKJAQKMKMzUrV8jbs6Epz28BXzBS') as hash;
+---------------+
| hash |
+---------------+
| $2tBKnsbV2Szg |
+---------------+
md5 工作正常
mysql> select '$1$$.dCRcHz4ApIYzcA0g/qz3/' = encrypt('qwe', '$1$$.dCRcHz4ApIYzcA0g/qz3/') as is_valid;
+----------+
| is_valid |
+----------+
| 1 |
+----------+
如何为 MySQL 添加对 bcrypt 的支持?
How to add support of bcrypt to MySQL?
推荐答案
你不能.MySQL ENCRYPT() 函数使用操作系统的 crypt() 函数——如果你的操作系统不支持 bcrypt 哈希,MySQL 也不支持它们.
You can't. The MySQL ENCRYPT() function uses the operating system's crypt() function — if your operating system does not support bcrypt hashes, MySQL will not support them either.
另外,不要使用 MySQL ENCRYPT() 函数.正如 ircmaxell 所指出的,您传递给 MySQL 查询的任何数据都可能最终出现在服务器日志文件中,因此将其用于任何与密码相关的事情可能是不安全的.
Also, do not use the MySQL ENCRYPT() function. As ircmaxell noted, any data you pass to a MySQL query may end up in server log files, so it's potentially unsafe to use it for anything password-related.
相关文章