dongpanshi2839 2018-08-31 18:43
浏览 835
已采纳

每次使用相同的输入进行Bcrypt加密都不同

Using golang.org/x/crypto/bcrypt and GORM (http://gorm.io/docs/) I'm trying to encrypt a password. The problem is that every encryption of it is different every time, so it can never match the one in the database.

var result []string

password := []byte(data.Password)
encryptedPassword, err := bcrypt.GenerateFromPassword(password, bcrypt.DefaultCost) // different every time

db.Where(&User{Username: strings.ToLower(data.Username)}).First(&user).Pluck("password", &result)
encryptionErr := bcrypt.CompareHashAndPassword(encryptedPassword, []byte(result[0]))

if encryptionErr == nil { // passwords match! }

I have confirmed that the input is the same every time and that the password given from the database is correct.

What am I doing wrong here?

  • 写回答

2条回答 默认 最新

  • douting1871 2018-08-31 19:13
    关注

    The bcrypt hash algorithm, by design, generates a different encrypted string every time you call it (it is salted). If you have a plaintext password you want to check, and ciphertext in the database, you should be able to pass those two things to bcrypt.CompareHashAndPassword. Adapting your code:

    var result []string
db.Where(&User{Username: strings.ToLower(data.Username)})
        .First(&user)
        .Pluck("password", &result)

encryptionErr := bcrypt.CompareHashAndPassword([]byte(result[0]), []byte(data.Password))

    You shouldn't need to call bcrypt.GenerateFromPassword again; as you note, it will generate a different encrypted password and it should be all but impossible to compare the two for equality.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 matlab(相关搜索:紧聚焦)
  • ¥15 基于51单片机的厨房煤气泄露检测报警系统设计
  • ¥15 路易威登官网 里边的参数逆向
  • ¥15 Arduino无法同时连接多个hx711模块,如何解决?
  • ¥50 需求一个up主付费课程
  • ¥20 模型在y分布之外的数据上预测能力不好如何解决
  • ¥15 processing提取音乐节奏
  • ¥15 gg加速器加速游戏时,提示不是x86架构
  • ¥15 python按要求编写程序
  • ¥15 Python输入字符串转化为列表排序具体见图,严格按照输入