如何从python生成与Spring兼容的密码?
我有一个 spring 应用程序创建 scrypt 密码,在数据库中如下所示:
{scrypt}$e 0801$QAqC0fvhY6iJPysiQsFnrcUg205njHo/6o+IDXDn33lxmZOCVBhb4NAqdafhuGmykCxQtMI5xP5zb7MYMUrU3Q==$sBeXCHOm 6zQuGdSDKs+HeXnNQGg3bhRidmL+HU/ZTMM=
我正在尝试使用 python 和 passlib 直接使用新密码更新数据库,但无法从$e0801$中推断出 passlib 的正确setting_kwds:
>>> from passlib.hash import scrypt
>>> scrypt.verify('wBkfoBsxj9u3wLOZ', '{scrypt}$e0801$QAqC0fvhY6iJPysiQsFnrcUg205njHo/6o+IDXDn33lxmZOCVBhb4NAqdafhuGmykCxQtMI5xP5zb7MYMUrU3Q==$sBeXCHOm6zQuGdSDKs+HeXnNQGg3bhRidmL+HU/ZTMM=')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/home/gregn/.pyenv/versions/v2.7.16/lib/python2.7/site-packages/passlib/utils/handlers.py", line 789, in verify
self = cls.from_string(hash, **context)
File "/home/gregn/.pyenv/versions/v2.7.16/lib/python2.7/site-packages/passlib/handlers/scrypt.py", line 177, in from_string
return cls(**cls.parse(hash))
File "/home/gregn/.pyenv/versions/v2.7.16/lib/python2.7/site-packages/passlib/handlers/scrypt.py", line 181, in parse
ident, suffix = cls._parse_ident(hash)
File "/home/gregn/.pyenv/versions/v2.7.16/lib/python2.7/site-packages/passlib/utils/handlers.py", line 1207, in _parse_ident
raise exc.InvalidHashError(cls)
ValueError: not a valid scrypt hash
手动摆弄前缀格式不起作用:
>>> scrypt.verify('wBkfoBsxj9u3wLOZ', '$scrypt$ln=1,r=8,p=1$QAqC0fvhY6iJPysiQsFnrcUg205njHo/6o+IDXDn33lxmZOCVBhb4NAqdafhuGmykCxQtMI5xP5zb7MYMUrU3Q==$sBeXCHOm6zQuGdSDKs+HeXnNQGg3bhRidmL+HU/ZTMM=')
False
我认为(但不确定(Spring正在使用默认的SCryptPasswordEncoder设置,因为我发现:
public static PasswordEncoder getPasswordEncoder() {
final String encodingId = "scrypt";
final Map<String, PasswordEncoder> encoders = new HashMap<>();
encoders.put("bcrypt", new BCryptPasswordEncoder());
encoders.put(encodingId, new SCryptPasswordEncoder());
return new DelegatingPasswordEncoder(encodingId, encoders);
}
春季版:
. ____ _ __ _ _
/\ / ___'_ __ _ _(_)_ __ __ _
( ( )___ | '_ | '_| | '_ / _` |
\/ ___)| |_)| | | | | || (_| | ) ) ) )
' |____| .__|_| |_|_| |___, | / / / /
=========|_|==============|___/=/_/_/_/
:: Spring Boot :: (v1.5.18.RELEASE)
谢谢!
您提供的那个不是有效的 scrypt 哈希
{scrypt}$e0801$QAqC0fvhY....
这是正确的格式(只需用$s0替换{scrypt}(
$s0$e0801$QAqC0fvhY6iJPysiQsFnrcUg205njHo/6o+IDXDn33lxmZOCVBhb4NAqdafhuGmykCxQtMI5xP5zb7MYMUrU3Q==$sBeXCHOm6zQuGdSDKs+HeXnNQGg3bhRidmL+HU/ZTMM=
如果您尝试使用 Password4j 获取配置:
SCryptFunction.getInstanceFromHash("$s0$e0801$QAqC0...");
你会得到N=16384,r=8和p=1。在 Python 实现中使用此配置。