Front-end login and password with bcrypt generated encryption cipher and send to backstage,
Backend access pass to the ciphertext and stored in the database of the cipher text can check? How to check?
Bcrypt every time on the same password string is different, the encrypted cryptograph directly with=to compare is certainly not,
Found online is validated passwords plaintext and ciphertext, watching matches,
CodePudding user response:
I looked at it and when it cannot breakAll unbreakable encryption, is directly comparable ciphertext,
Front end with the same encryption parameters and method and the salt, will get the same results
Hash crack is generated plaintext and ciphertext table, and then compare the cipher text,
Now account database password are unbreakable ciphertext, calibration is comparative and ciphertext, site no longer storage cleartext passwords,
CodePudding user response:
Is seems to be able to crack, if front with bcrypt encryption, and front-end and back-end with cryptograph ciphertext is impossible to check, and bcrypt encryption cannot be directly compared the content of the ciphertext, because every time the same content of generating encrypted cryptograph is different, but found the curve of the solution:1, the front end of RSA public key encryption,
2, the back-end RSA private key to decrypt the,
3, the back-end with the result of the decryption bcrypt check,