What algorithm is used for encrypting user passwords?

  • pyc4 wrote (#22):

    I'm definitely stuck, anybody care to provide professional help? I'm willing to pay to overcome this hurdle.

  • PitaJ (Global Moderator, Plugin & Theme Dev) replied to pyc4 (#23):

    @pyc4 share your code please

  • pyc4 replied to PitaJ (#24):

    @PitaJ

        const crypto = require('crypto');
        const bcrypt = require('bcryptjs'); // assumed: the library used in baris's test in this thread

        let passwordSHA512 = "b33bcf64f2744712deb66354b1d6a6d0";
        passwordSHA512 = crypto.createHash('sha512').update(passwordSHA512).digest('hex');
        console.log(passwordSHA512); // 455800380a39d8c49b976eb4bc31b98710ceb5beecd88c823c50ca2bdfd7cf1a581d92d9f64df5cfb2f9e50dfc3b2240e119b5ceffc99e584b310838f999aebc
        const match = bcrypt.compareSync(passwordSHA512, "$2a$12$56c7LRlpF9Mt47eeXDBgBuIBsuf3NPU4hAFzQRyxM7pZWMwhz3EOG");
        console.log(match); // false
    

    match should be true, not false.

  • PitaJ (Global Moderator, Plugin & Theme Dev) replied to pyc4 (#25):

    @pyc4 and you got the password hash+salt directly from the database?

  • pyc4 replied to PitaJ (#26):

    @PitaJ No, I just got the hash, not a salt. How can I get the salt if the salt is always random?... Probably I am missing something here...

  • baris (NodeBB) wrote (#27):

    I tested this and I'm getting the expected result.

    router.get('/test', async (req, res) => {
    	const crypto = require('crypto');
    	const bcrypt = require('bcryptjs');
    
    	const rounds = 12;
    	const mypassword = '123456';
    	const shaPassword = crypto.createHash('sha512').update(mypassword).digest('hex');
    	const salt = await bcrypt.genSalt(parseInt(rounds, 10));
    	const hashedPassword = await bcrypt.hash(shaPassword, salt);
    	console.log('hashedPassword', hashedPassword);
    
    	// testing
    	const mypasswordtry = '123456'; 
    	const shaPasswordtry = crypto.createHash('sha512').update(mypasswordtry).digest('hex');
    
    	res.json({
    		'should be true': bcrypt.compareSync(shaPasswordtry, hashedPassword),
    		'should be false': bcrypt.compareSync('asdasdasa', hashedPassword),
    	});
    });
    

    Prints out

    {
        "should be true": true,
        "should be false": false
    }
    
  • PitaJ (Global Moderator, Plugin & Theme Dev) replied to pyc4 (#28):

    @pyc4 salt is included in the password hash and stored in the same string in the database, which is why compare is passed only two things.

  • pyc4 wrote (#29):

    It worked out with this code:

    const shaPassword = crypto.createHash('sha512').update(password).digest('hex');
    console.log("true or false: ");
    console.log(await bcrypt.compare(shaPassword, "$2a$12$56c7LRlpF9Mt47eeXDBgBuIBsuf3NPU4hAFzQRyxM7pZWMwhz3EOG"));
    

    Compare's second argument is fetched from the database and that's it... Honestly I don't really know how it got this complicated for me, there's something that I did wrong, now it's ok. Thanks a lot!

  • pyc4 has marked this topic as solved
  • pyc4 replied to pyc4 (#30):

    @Pitaj @baris Just to be completely clear, is bcrypt.compare the only possible way of checking a password?

    I was thinking it is possible to generate a hash from a given password that is exactly the same as the hash written to the database. Then I could just search the database for that hash, and if it exists, then whatever user has that password is logged in - I wouldn't have to find the user first and load the saved hash from the database to supply to the compare function.

    Huh, I hope I'm being clear. 🙂

  • julian (GNU/Linux) replied to pyc4 (#31):

    @pyc4 said:

    I was thinking it is possible to generate a hash from a given password that is exactly the same as the hash written to the database.

    Only if you use the same salt, but you don't have the salt, so therein lies the problem 😄

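Added example, not code from the thread or from NodeBB: it illustrates the points in #28 and #31 that the salt lives inside the stored string and that a freshly generated hash therefore never matches a database search. Node's built-in scrypt stands in for bcrypt so the block runs without bcryptjs; the function names and the sample users are constructed for illustration.

```javascript
'use strict';
const crypto = require('crypto');

// bcrypt string layout: $<version>$<cost>$<22-char salt><31-char digest>
function parseBcrypt(stored) {
  const m = /^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/.exec(stored);
  if (!m) throw new Error('not a bcrypt hash');
  return { version: m[1], cost: Number(m[2]), salt: m[3], digest: m[4] };
}

// Stand-in for bcrypt.hash (assumption: scrypt, so no npm package is needed).
// As in the thread, the password is SHA-512 hex-encoded before the slow hash.
function hashPassword(password, salt = crypto.randomBytes(16)) {
  const sha = crypto.createHash('sha512').update(password).digest('hex');
  const key = crypto.scryptSync(sha, salt, 32);
  return `${salt.toString('hex')}$${key.toString('hex')}`; // salt stored with the hash
}

// Login has to fetch the user's stored string first: only it carries the salt.
function verifyLogin(users, username, password) {
  const stored = users.get(username);
  if (!stored) return false;
  const salt = Buffer.from(stored.split('$')[0], 'hex');
  const candidate = hashPassword(password, salt);
  return crypto.timingSafeEqual(Buffer.from(candidate), Buffer.from(stored));
}

// The lookup asked about in #30: hash the submitted password, search for that string.
function findByFreshHash(users, password) {
  const fresh = hashPassword(password); // new random salt on every call
  return [...users].filter(([, stored]) => stored === fresh).map(([name]) => name);
}

// Constructed sample data: two users who share the password from baris's test.
const users = new Map([
  ['alice', hashPassword('123456')],
  ['bob', hashPassword('123456')],
]);

// Hash string quoted in the thread, split into its parts.
console.log(parseBcrypt('$2a$12$56c7LRlpF9Mt47eeXDBgBuIBsuf3NPU4hAFzQRyxM7pZWMwhz3EOG'));
console.log(users.get('alice') === users.get('bob'));   // same password, different strings
console.log(verifyLogin(users, 'alice', '123456'));     // look up the user, then compare
console.log(findByFreshHash(users, '123456'));          // searching by hash finds nobody
```

Because every stored string has its own salt, two accounts with the same password are indistinguishable from two accounts with different passwords when only the database is visible.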
