how to decode a hashed token to get the original token in golang
Question

I've got this piece of code which I'm wanting to use to create a token which will be stored and then create a hashed version of this token to send it out to the client for email verification.
The issue is that I don't know how to decrypt the hashed token to give me the original token.
Can someone please help me out?

```go
package main

import (
	"crypto/md5"
	"encoding/hex"
	"fmt"
	"log"

	"golang.org/x/crypto/bcrypt"
)

// GenerateToken returns a unique token based on the provided email string
func GenerateToken(email string) string {
	hash, err := bcrypt.GenerateFromPassword([]byte(email), bcrypt.DefaultCost)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println("Hash to store:", string(hash))

	hasher := md5.New()
	hasher.Write(hash)
	return hex.EncodeToString(hasher.Sum(nil))
}

func main() {
	fmt.Println("token:", GenerateToken("bob@webserver.com"))
}
```

This code uses the bcrypt and md5 packages to generate and process hash values. The GenerateToken function takes an email string as input and generates a hash with bcrypt.GenerateFromPassword. It then computes the MD5 hash of that bcrypt hash and returns it as the token.
It is not possible to decrypt the hashed token to recover the original token, because hash functions are one-way and irreversible. A hash function maps its input to a fixed-length output, and the input cannot be restored from that output. Therefore, in general, the original data cannot be recovered from a hash value.
Answer 1
Score: 1
You are confusing encryption with hashing.
When encrypting data you are able to decrypt it to the original value. This is not possible when hashing.
When working with hashes, rather than trying to 'dehash' the token, you should instead hash the original value and compare the hashed output with the provided token.
Take the following example: https://go.dev/play/p/7F22cFZBqbh

```go
package main

import (
	"fmt"

	"golang.org/x/crypto/bcrypt"
)

func HashValue(v string) string {
	hashedPassword, err := bcrypt.GenerateFromPassword([]byte(v), bcrypt.DefaultCost)
	if err != nil {
		panic(err)
	}
	return string(hashedPassword)
}

func CompareToHash(v, hash string) bool {
	err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(v))
	return err == nil
}

func main() {
	password := "my-password"
	hashedPassword := HashValue(password)
	validPassword := "my-password"
	invalidPassword := "not-my-password"
	// Instead of unhashing 'hashedPassword', we instead hash the raw string and compare the hash
	fmt.Println(CompareToHash(validPassword, hashedPassword))   // true
	fmt.Println(CompareToHash(invalidPassword, hashedPassword)) // false
}
```
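
The hash-and-compare approach from the answer applied to the email verification flow in the question, as an added example that is not part of the original question or answer. It assumes a random token from crypto/rand and a SHA-256 digest in place of bcrypt and MD5 (a high-entropy random token does not need a slow password hash); the function names NewVerificationToken and VerifyToken are hypothetical.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
)

// NewVerificationToken (hypothetical name) returns a random token to e-mail to
// the user and the SHA-256 digest of it to store server-side. The raw token is
// never stored, so a leaked database row cannot be replayed as a valid link.
func NewVerificationToken() (token string, stored [32]byte, err error) {
	raw := make([]byte, 32) // 256 bits from the OS CSPRNG
	if _, err = rand.Read(raw); err != nil {
		return "", stored, err
	}
	token = base64.RawURLEncoding.EncodeToString(raw) // URL-safe, no padding
	return token, sha256.Sum256([]byte(token)), nil
}

// VerifyToken (hypothetical name) hashes the token presented by the client and
// compares it with the stored digest in constant time. Nothing is "unhashed".
func VerifyToken(presented string, stored [32]byte) bool {
	sum := sha256.Sum256([]byte(presented))
	return subtle.ConstantTimeCompare(sum[:], stored[:]) == 1
}

func main() {
	token, stored, err := NewVerificationToken()
	if err != nil {
		panic(err)
	}
	fmt.Println("send in e-mail link:", token)
	fmt.Printf("store in database:   %x\n", stored)
	fmt.Println(VerifyToken(token, stored))          // true
	fmt.Println(VerifyToken("forged-token", stored)) // false
}
```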