2回答

繁星coding

正如评论中已经提到的，发布的数据的格式与passlib不同：passlib格式解释如下。盐和哈希（校验和）是 Base64 编码的。使用了一种特殊的 Base64 变体，其解释如下：Padding( =) 和空格被省略并被.应用+。另一方面，发布数据的哈希值是标准 Base64 编码（即用+代替.）和填充 ( =)。此外，盐是 UTF8 解码的。如果考虑到这一点，盐和哈希值是相同的。以下代码从发布的数据中确定passlib数据，并比较 salt 和 hash，其中发布的数据的 salt 和 hash 以passlib格式显示（即使用passlib Base64 变体和 Base64 编码的 salt）：from passlib.hash import pbkdf2_sha256from base64 import b64decodefrom passlib.utils.binary import ab64_encodedef hashAndCompare(crackedHash):        crackedChain = crackedHash.split('$')       #crackedChainDigest = crackedChain[0]    crackedChainRounds = crackedChain[1]    crackedChainSalt = crackedChain[2]    crackedChainSaltPasslibFormat = ab64_encode(crackedChainSalt.encode('utf8')).decode('utf8')    crackedChainHashData = crackedChain[3].split(':')    crackedChainHash = crackedChainHashData[0]    crackedChainHashPasslibFormat = ab64_encode(b64decode(crackedChainHash)).decode('utf8')    crackedChainData = crackedChainHashData[1]        passlibHash = pbkdf2_sha256.hash(crackedChainData, rounds=crackedChainRounds, salt=crackedChainSalt.encode('utf8'))     passlibChain = passlibHash.split('$')    passlibChainSalt = passlibChain[3]    passlibChainHash = passlibChain[4]        print('Passlib: Hash: {0} Salt: {1}\nCracked: Hash: {2} Salt: {3}\n'.format(passlibChainHash, passlibChainSalt, crackedChainHashPasslibFormat, crackedChainSaltPasslibFormat))hashAndCompare('pbkdf2_sha256$10000$005OtPxTXhPq$K/2GplWPJsBVj+qbgdKW8YEteQyUkIiquT5MaOhPo4Y=:harry')hashAndCompare('pbkdf2_sha256$10000$00Qhibr5Mbeg$l9grYueDrl3qN3NA7e9j5PodgV1XkGTz0Z6ajhF99AY=:radio')hashAndCompare('pbkdf2_sha256$10000$00h7h0g1ZKE1$YEobSm/y+cFg/VXhU4gGYJ6eOkZ68jhJ5axDu68Dack=:momo')hashAndCompare('pbkdf2_sha256$10000$01JMkfGk1RXh$vD+GGZshw5kExtZOpl5+Lht3xECULdbNVOesoTicxto=:fred')hashAndCompare('pbkdf2_sha256$10000$01vkw1viCg4J$2hjlbq10Jh/Su3yqjKfYCnCSt1WlKcKJtsqDET618M0=:get')hashAndCompare('pbkdf2_sha256$10000$01wayF5JLVSZ$2/9COWqb6SZG/raqabtU8fNBzkrt2puN7SaKw0U7jBs=:987456321')盐和哈希值与一致的编码相同：Passlib: Hash: K/2GplWPJsBVj.qbgdKW8YEteQyUkIiquT5MaOhPo4Y Salt: MDA1T3RQeFRYaFBxCracked: Hash: K/2GplWPJsBVj.qbgdKW8YEteQyUkIiquT5MaOhPo4Y Salt: MDA1T3RQeFRYaFBxPasslib: Hash: l9grYueDrl3qN3NA7e9j5PodgV1XkGTz0Z6ajhF99AY Salt: MDBRaGlicjVNYmVnCracked: Hash: l9grYueDrl3qN3NA7e9j5PodgV1XkGTz0Z6ajhF99AY Salt: MDBRaGlicjVNYmVnPasslib: Hash: YEobSm/y.cFg/VXhU4gGYJ6eOkZ68jhJ5axDu68Dack Salt: MDBoN2gwZzFaS0UxCracked: Hash: YEobSm/y.cFg/VXhU4gGYJ6eOkZ68jhJ5axDu68Dack Salt: MDBoN2gwZzFaS0UxPasslib: Hash: vD.GGZshw5kExtZOpl5.Lht3xECULdbNVOesoTicxto Salt: MDFKTWtmR2sxUlhoCracked: Hash: vD.GGZshw5kExtZOpl5.Lht3xECULdbNVOesoTicxto Salt: MDFKTWtmR2sxUlhoPasslib: Hash: 2hjlbq10Jh/Su3yqjKfYCnCSt1WlKcKJtsqDET618M0 Salt: MDF2a3cxdmlDZzRKCracked: Hash: 2hjlbq10Jh/Su3yqjKfYCnCSt1WlKcKJtsqDET618M0 Salt: MDF2a3cxdmlDZzRKPasslib: Hash: 2/9COWqb6SZG/raqabtU8fNBzkrt2puN7SaKw0U7jBs Salt: MDF3YXlGNUpMVlNaCracked: Hash: 2/9COWqb6SZG/raqabtU8fNBzkrt2puN7SaKw0U7jBs Salt: MDF3YXlGNUpMVlNa

0 0

0

GCT1015

该格式由 Django 使用，并且 passlib 有该格式的函数：Django 1.4 Hashes。所以，我在 python 的 shell 中这样做了：>>> from passlib.hash import django_pbkdf2_sha256>>> secret = 'harry'>>> hash = 'pbkdf2_sha256$10000$005OtPxTXhPq$K/2GplWPJsBVj+qbgdKW8YEteQyUkIiquT5MaOhPo4Y='>>> django_pbkdf2_sha256.verify(secret, hash)True>>> rounds = hash.split('$')[1]>>> salt = hash.split('$')[2]>>> django_pbkdf2_sha256.hash(secret, rounds=rounds, salt=salt) == hashTrue

0 0

0