One 、 brief introduction

Bcrypt Is a cross platform file encryption tool , The files encrypted by it can be transferred on all supported operating systems and processors . Its password must be 8 to 56 Characters , And will be transformed internally into 448 A key .bcrypt Using Bruce · Schnell is in 1993 Published in Blowfish encryption algorithm . say concretely ,bcrypt Use Paul · Kochel 's algorithm implementation . along with bcrypt The source code released together has slightly changed the original version .

1. ​Bcrypt The algorithm is relatively slow , There is a common saying in the field of cryptography ： The slower the algorithm, the safer . The slower the algorithm , The higher the hacking cost .
2. adopt salt and cost These two values slow down the encryption process , Encryption time （ hundred ms level ） Far more than md5（ Probably 1ms about ） For computers ,Bcrypt The calculation speed of is very slow , But for users , This process is not slow .
3. ​Bcrypt Is one-way , And through salt and cost To deal with , Make it suffer rainbow The probability of attack cracking is greatly reduced , At the same time, the difficulty of cracking is also improved a lot , be relative to MD5 And other encryption methods are more secure , And it's easy to use .

​Bcrypt The encrypted string is shaped like ：

$2b$10$2UCl0qI6K7tgtFmcO.DzdOKmBxfQorIuUV8Hdb12go7sHJitOV9w.,
//  among ：
// $ It's a separator , meaningless ;
// 2b yes bcrypt Encryption version number ;
// 10 yes cost Value ;
//  Back front 22 Is it salt value ; The next string is the ciphertext of the password ;

​Bcrypt Algorithm will salt Random and mix in the final encrypted password , The previous salt, So it doesn't need to be dealt with separately salt problem .

Two 、 Use

1. install

npm i bcrypt --save

2. Encryption code

//1、 Introduce modules 
let  bcrypt= require("bcrypt");
//2、  produce salt
let salt = bcrypt.genSaltSync(11); // 11  Is the number of iterations 
//3、 encryption 
// bcrypt.hashSync( The password entered when the user registers ,salt); 
let pass = bcrypt.hashSync("123456",salt); 
console.log("pass",pass);//pass Is the result of encryption , This can be stored in the database 
// $2b$10$1MtFAztjfpDTm8z.PjQTwOo6k4FrRiXwbZKq0oAKWqWI94mhzJfTG
// $2b$11$jMC6xi32MVFDApY.valjJ.f7W5gGXQoLj3VZlrPQ8Fik.pVQ/szTK

3. contrast

Check whether the password entered by the user is consistent with that in the database

//  Verify that the password is correct 
//1、 Introduce modules 
let  bcrypt= require("bcrypt");
// let isMatch = bcrypt.compareSync( The password entered when the user logs in , The password from the database );
let isMatch = bcrypt.compareSync("123456","$2b$11$jMC6xi32MVFDApY.valjJ.f7W5gGXQoLj3VZlrPQ8Fik.pVQ/szTK");
console.log(isMatch);//true： Indicates that the password is consistent ;false： Password inconsistency 

Reference resources

1. Bcrypt New knowledge of encryption
2. Cryptography series :bcrypt Detailed explanation of encryption algorithm