用户密码加密 算法选择。?
- PBKDF2
- bcrypt
两种方式 正在纠结选哪一种。
PBKDF2 比较灵活 可以自定义数据存储的格式 salt 与 hash 密文的组合,以及循环加密的次数,可以达到很小。
bcrypt 有个问题 各种语言的实现库 好想还有点差异,有些事以 $2a $2y 等开头的,速度最快在我这机器里面是13ms 。。
我是单机 而且访问量有点高。。
18 回复
我的 pbkdf2 算法 业务封装
const crypto = require('crypto');
const PBKDF2_HASH_ALGORITHM = "sha256";
const PBKDF2_ITERATIONS = 1024;
const PBKDF2_SALT_BYTE_SIZE = 24;
const PBKDF2_HASH_BYTE_SIZE = 24;
const HASH_SECTIONS = 4;
const HASH_ALGORITHM_INDEX = 0;
const HASH_ITERATION_INDEX = 1;
const HASH_SALT_INDEX = 2;
const HASH_PBKDF2_INDEX = 3;
function create_hash(password, cb) {
crypto.randomBytes(PBKDF2_SALT_BYTE_SIZE, (err, buf) => {
if (err) {
return cb(err);
}
let _salt = buf.toString('base64');
crypto.pbkdf2(String(password), _salt, PBKDF2_ITERATIONS, PBKDF2_HASH_BYTE_SIZE, PBKDF2_HASH_ALGORITHM, (err, derivedKey) => {
if(err) {
return cb(err);
}
// format: algorithm:iterations:salt:hash
let real_password = PBKDF2_HASH_ALGORITHM + ':' + PBKDF2_ITERATIONS + ':' + _salt + ':' + derivedKey.toString('base64');
return cb(null, real_password);
});
});
}
function validate_password(password, correct_hash, cb) {
let params = correct_hash.split(':');
if(params.length < HASH_SECTIONS) {
return cb(null , false);
}
let pbkdf2 = new Buffer(params[HASH_PBKDF2_INDEX], 'base64');
crypto.pbkdf2(String(password), params[HASH_SALT_INDEX], Number(params[HASH_ITERATION_INDEX]), pbkdf2.length, params[HASH_ALGORITHM_INDEX], (err, _derivedKey) => {
if(err) {
return (err);
}
return cb(null, _slow_equals(pbkdf2, _derivedKey));
});
}
/**
* Slow compare two strings
*
* @param {Buffer} a
* @param {Buffer} b
* @return {Boolean}
*/
function _slow_equals(a, b) {
var diff = a.length ^ b.length;
for(var i = 0; i < a.length && i < b.length; i++){
diff |= a[i] ^ b[i];
}
return diff === 0;
}
module.exports = {
create_hash,
validate_password
};
