duanrong6802 2018-07-01 01:09
浏览 105
已采纳

golang相当于PHP crypt()

This line of code in PHP evaluates to true

echo '$2a$09$f5561d2634fb28a969f2dO8QeQ70f4bjCnF/.GvPpjj.8jgmtzZP2' == crypt("enter-new-password",'$2a$09$f5561d2634fb28a969f2dO8QeQ70f4bjCnF/.GvPpjj.8jgmtzZP2');

What I need is a crypt function in Golang that will also evaluate to true.

ATTEMPT 1

I tried this but it evaluated to false:

import "github.com/nyarla/go-crypt"
log.Println("$2a$09$f5561d2634fb28a969f2dO8QeQ70f4bjCnF/.GvPpjj.8jgmtzZP2" == crypt.Crypt("enter-new-password","$2a$09$f5561d2634fb28a969f2dO8QeQ70f4bjCnF/.GvPpjj.8jgmtzZP2"))

ATTEMPT 2

I also tried to define and use this crypt function that I found somewhere else, but it also returned false:

package main

import (
    "fmt"
    "unsafe"
)

// #cgo LDFLAGS: -lcrypt
// #define _GNU_SOURCE
// #include <crypt.h>
// #include <stdlib.h>
import "C"

// crypt wraps C library crypt_r
func crypt(key, salt string) string {
    data := C.struct_crypt_data{}
    ckey := C.CString(key)
    csalt := C.CString(salt)
    out := C.GoString(C.crypt_r(ckey, csalt, &data))
    C.free(unsafe.Pointer(ckey))
    C.free(unsafe.Pointer(csalt))
    return out
}

ATTEMPT 3

I also tried this, but it doesn't seem to have support for CRYPT_BLOWFISH, which was what was used by an older PHP5.3 and earlier:

Why does my crypt package give me invalid magic prefix error?

So my question is:

How do I get a golang crypt function to behave exactly like the PHP crypt function for the strings enter-new-password and $2a$09$f5561d2634fb28a969f2dO8QeQ70f4bjCnF/.GvPpjj.8jgmtzZP2?

  • 写回答

1条回答 默认 最新

  • dthswrp84966 2018-07-02 14:17
    关注

    Although I haven't found an exact "Go crypt function" equivalent of PHP's crypt function, I found an alternative.

    The following solved my problem

    import "golang.org/x/crypto/bcrypt"
// check will be nil if the bcrypt version of "enter-new-password" is the same as the "$2a$09$f5561d2634fb28a969f2dO8QeQ70f4bjCnF/.GvPpjj.8jgmtzZP2" .  Otherwise check will be an error object
check := bcrypt.CompareHashAndPassword([]byte("$2a$09$f5561d2634fb28a969f2dO8QeQ70f4bjCnF/.GvPpjj.8jgmtzZP2"),[]byte("enter-new-password"))
log.Println(check)

    The golang.org/x/crypto/bcrypt/bcrypt_test.go has some useful examples of how to use this module.

    Apparently PHP's crypt function has many different ways of hashing a value, like sha256, sha512, blowfish etc... It seems there are many go lang modules out there, but you have to explicitly state the hash type, the cost, etc... In my question, the existence of $2a$ as a prefix to the hash value suggested the use of some blowfish type hash. Some of my earlier attempts didn't consider this. In fact, the module in attempt 3 does not have support for blowfish.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥30 这是哪个作者做的宝宝起名网站
  • ¥60 版本过低apk如何修改可以兼容新的安卓系统
  • ¥25 由IPR导致的DRIVER_POWER_STATE_FAILURE蓝屏
  • ¥50 有数据,怎么建立模型求影响全要素生产率的因素
  • ¥50 有数据,怎么用matlab求全要素生产率
  • ¥15 TI的insta-spin例程
  • ¥15 完成下列问题完成下列问题
  • ¥15 C#算法问题, 不知道怎么处理这个数据的转换
  • ¥15 YoloV5 第三方库的版本对照问题
  • ¥15 请完成下列相关问题!