我用这个BCrypt库生成了一个带有盐的哈希:https://github.com/rg3/libbcrypt
问题出在bcrypt.c
( int bcrypt_gensalt
(。 open("/dev/urandom", O_RDONLY)
不适用于Windows。我尝试了以下方法:
int bcrypt_gensalt(int factor, char salt[BCRYPT_HASHSIZE]) {
int fd;
unsigned char input[RANDBYTES];
int workf;
char *aux;
HCRYPTPROV hCryptProv;
if (CryptAcquireContext(
&hCryptProv,
NULL,
(LPCSTR)"Microsoft Base Cryptographic Provider v1.0",
PROV_RSA_FULL,
CRYPT_VERIFYCONTEXT)) {
if (CryptGenRandom(
hCryptProv,
RANDBYTES,
input)) {
if (CryptReleaseContext(hCryptProv, 0)) {
return 0;
}
else {
printf("Error during CryptReleaseContext.n");
return 4;
}
}
else {
if (CryptReleaseContext(hCryptProv, 0)) {
printf("Error during CryptGenRandom.n");
return 2;
}
else {
printf("Error during CryptReleaseContext.n");
return 3;
}
}
}
else {
printf("Error during CryptAcquireContext!n");
return 1;
}
/* Generate salt. */
workf = (factor < 4 || factor > 31)?12:factor;
aux = crypt_gensalt_rn("$2a$", workf, input, RANDBYTES,
salt, BCRYPT_HASHSIZE);
return (aux == NULL)?5:0;
}
但结果是:
Generated salt:
Hashed password: *0
Time taken: 0.000000 seconds
First hash check: OK
Second hash check: OK
First hash check with bcrypt_checkpw: OK
Time taken: 0.060000 seconds
Second hash check with bcrypt_checkpw: OK
Time taken: 0.060000 seconds
盐将无法正确生成。
在您的呼吁中:
aux = crypt_gensalt_rn("$2a$", workf, input, RANDBYTES,
salt, BCRYPT_HASHSIZE);
RANDBYTES
和 BCRYPT_HASHSIZE
的值需要再有一个字节才能终止