我们的应用程序使用库 securehash 对象来创建单向密码: https://github.com/nremond/pbkdf2-scala/blob/master/src/main/scala/io/github/nremond/securehash.scala
现在我的问题是我在 go 中的代码返回 -1 进行密码检查。
package main
import (
"bytes"
"crypto/rand"
"crypto/sha512"
"fmt"
"golang.org/x/crypto/pbkdf2"
"math/big"
"strings"
)
func main() {
iteration := 25000
// Hash User input
password := []byte("123")
salt := "yCyQMMMBt1TuPa1F9FeKfT0yrNIF8tLB"
key := pbkdf2.Key(password, []byte(salt), iteration, sha512.Size, sha512.New)
// COMPARE PASSWORD fetched from DB
// 123 hash in scala
tokenS := strings.Split("$pbkdf2-sha512$25000$yCyQMMMBt1TuPa1F9FeKfT0yrNIF8tLB$TtQt5BZLs4qlA0YAkcGukZwu7pkxOLcxwuoQB3qNtxM", "$")
passwordHashInDatabase := tokenS[4]
out := bytes.Compare(key, []byte(passwordHashInDatabase))
fmt.Println("out: ", out)
}正确答案
您有几个问题:
-
在将盐传递给
pbkdf2.key()之前,您不会对盐进行 base64 解码,并且在将其与pbkdf2.key()的结果进行比较之前,您不会对从数据库获取的密钥进行 base64 解码。另请注意,scala 实现在 base64 解码/编码之前/之后进行了一些字符替换。这也需要在 go 实现中复制。 -
scala 实现中的
createhash()方法有一个dklength参数,默认为32。在 go 实现中,您提供的是sha512.size的结果,它是64并且不匹配。我知道使用了默认值,因为数据库中的值是 32 字节长。
这是一个仓促修复的实现:
package main
import (
"bytes"
"crypto/sha512"
"encoding/base64"
"fmt"
"log"
"strings"
"golang.org/x/crypto/pbkdf2"
)
func b64decode(s string) ([]byte, error) {
s = strings.replaceall(s, ".", "+")
return base64.rawstdencoding.decodestring(s)
}
func main() {
iteration := 25000
// hash user input
password := []byte("123")
salt, err := b64decode("ycyqmmmbt1tupa1f9fekft0yrnif8tlb")
if err != nil {
log.fatal("failed to base64 decode the salt: %s", err)
}
key := pbkdf2.key(password, salt, iteration, 32, sha512.new)
// compare password fetched from db
// 123 hash in scala
tokens := strings.split("$pbkdf2-sha512$25000$ycyqmmmbt1tupa1f9fekft0yrnif8tlb$ttqt5bzls4qla0yakcgukzwu7pkxolcxwuoqb3qntxm", "$")
passwordhashindatabase, err := b64decode(tokens[4])
if err != nil {
log.fatal("failed to base64 decode password hash from the database: %s", err)
}
fmt.printf("%x\n%x\n", key, passwordhashindatabase)
fmt.printf("%d\n%d\n", len(key), len(passwordhashindatabase))
out := bytes.compare(key, passwordhashindatabase)
fmt.println("out: ", out)
}
输出:
4ed42de4164bb38aa503460091c1ae919c2eee993138b731c2ea10077a8db713 4ed42de4164bb38aa503460091c1ae919c2eee993138b731c2ea10077a8db713 32 32 out: 0
The above is the detailed content of How to simulate password hashing of pbkdf2-scala in Golang pbkdf2. For more information, please follow other related articles on the PHP Chinese website!
How to use the 'strings' package to manipulate strings in Go step by stepMay 13, 2025 am 12:12 AMGo's strings package provides a variety of string manipulation functions. 1) Use strings.Contains to check substrings. 2) Use strings.Split to split the string into substring slices. 3) Merge strings through strings.Join. 4) Use strings.TrimSpace or strings.Trim to remove blanks or specified characters at the beginning and end of a string. 5) Replace all specified substrings with strings.ReplaceAll. 6) Use strings.HasPrefix or strings.HasSuffix to check the prefix or suffix of the string.
Go strings package: how to improve my code?May 13, 2025 am 12:10 AMUsing the Go language strings package can improve code quality. 1) Use strings.Join() to elegantly connect string arrays to avoid performance overhead. 2) Combine strings.Split() and strings.Contains() to process text and pay attention to case sensitivity issues. 3) Avoid abuse of strings.Replace() and consider using regular expressions for a large number of substitutions. 4) Use strings.Builder to improve the performance of frequently splicing strings.
What are the most useful functions in the GO bytes package?May 13, 2025 am 12:09 AMGo's bytes package provides a variety of practical functions to handle byte slicing. 1.bytes.Contains is used to check whether the byte slice contains a specific sequence. 2.bytes.Split is used to split byte slices into smallerpieces. 3.bytes.Join is used to concatenate multiple byte slices into one. 4.bytes.TrimSpace is used to remove the front and back blanks of byte slices. 5.bytes.Equal is used to compare whether two byte slices are equal. 6.bytes.Index is used to find the starting index of sub-slices in largerslices.
Mastering Binary Data Handling with Go's 'encoding/binary' Package: A Comprehensive GuideMay 13, 2025 am 12:07 AMTheencoding/binarypackageinGoisessentialbecauseitprovidesastandardizedwaytoreadandwritebinarydata,ensuringcross-platformcompatibilityandhandlingdifferentendianness.ItoffersfunctionslikeRead,Write,ReadUvarint,andWriteUvarintforprecisecontroloverbinary
Go 'bytes' package quick referenceMay 13, 2025 am 12:03 AMThebytespackageinGoiscrucialforhandlingbyteslicesandbuffers,offeringtoolsforefficientmemorymanagementanddatamanipulation.1)Itprovidesfunctionalitieslikecreatingbuffers,comparingslices,andsearching/replacingwithinslices.2)Forlargedatasets,usingbytes.N
Mastering Go Strings: A Deep Dive into the 'strings' PackageMay 12, 2025 am 12:05 AMYou should care about the "strings" package in Go because it provides tools for handling text data, splicing from basic strings to advanced regular expression matching. 1) The "strings" package provides efficient string operations, such as Join functions used to splice strings to avoid performance problems. 2) It contains advanced functions, such as the ContainsAny function, to check whether a string contains a specific character set. 3) The Replace function is used to replace substrings in a string, and attention should be paid to the replacement order and case sensitivity. 4) The Split function can split strings according to the separator and is often used for regular expression processing. 5) Performance needs to be considered when using, such as
'encoding/binary' Package in Go: Your Go-To for Binary OperationsMay 12, 2025 am 12:03 AMThe"encoding/binary"packageinGoisessentialforhandlingbinarydata,offeringtoolsforreadingandwritingbinarydataefficiently.1)Itsupportsbothlittle-endianandbig-endianbyteorders,crucialforcross-systemcompatibility.2)Thepackageallowsworkingwithcus
Go Byte Slice Manipulation Tutorial: Mastering the 'bytes' PackageMay 12, 2025 am 12:02 AMMastering the bytes package in Go can help improve the efficiency and elegance of your code. 1) The bytes package is crucial for parsing binary data, processing network protocols, and memory management. 2) Use bytes.Buffer to gradually build byte slices. 3) The bytes package provides the functions of searching, replacing and segmenting byte slices. 4) The bytes.Reader type is suitable for reading data from byte slices, especially in I/O operations. 5) The bytes package works in collaboration with Go's garbage collector, improving the efficiency of big data processing.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Atom editor mac version download
The most popular open source editor
WebStorm Mac version
Useful JavaScript development tools
MinGW - Minimalist GNU for Windows
This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.
SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.
VSCode Windows 64-bit Download
A free and powerful IDE editor launched by Microsoft
