Regex to find bcrypt hash?

Time: 2022-03-21 13:14:53

I am looking to find a bcrypt hash string using regex (in PowerGrep) in a database.

Tried this regex:

{?A-Za-z_0-9.{60}}?

But no match was found. A bcrypt hash is 60 characters long and starts with "$2y$".

Example:

$2y$15$nK/B6u765645/lo0867h56546v/BnH5U5g45Aj67u67nMVtrhryt6

3 solutions

#1


3  

Your regex - {?A-Za-z_0-9.{60}}? - contains ranges not inside a character class [...], but inside optional curly braces, and thus they present sequences of literal characters. See your regex demo to see what I mean.

You can use the following regex:

^\$2y\$.{56}$

See demo

The ^ matches the start of string, \$2y\$ matches $2y$ literally (as $ is a special character and needs escaping) and .{56} is the remaining 56 characters.

#2


22  

Just as an addition to the answer above from @stribizhev. The bcrypt hashes you might encounter out there in the wild come in a few varieties, so you may have to modify the regex to catch all of them. The variations are as follows:

The "Algorithm Identifier" portion of the hash may include:

  • "2" - the first revision of BCrypt, which suffers from a minor security flaw and is generally not used anymore.

  • "2a" - some implementations suffered from a very rare security flaw.

  • "2y" - format specific to the crypt_blowfish BCrypt implementation, identical to "2a" in all but name.

  • "2b" - latest revision of the official BCrypt algorithm

^\$2[ayb]\$.{56}$

seems to work for me

see here for the breakdown of a bcrypt hash: Can someone explain how BCrypt verifies a hash?

#3


2  

Use this:

^\$2[aby]?\$\d{1,2}\$[.\/A-Za-z0-9]{53}$

Explanation:

  • \$2[aby]?\$ - matches the algorithm used. Valid values are 2, 2a, 2y and 2b
  • \d{1,2}\$ - matches the cost, or how many rounds, which is an integer between 4 and 31 (inclusive)
  • [.\/A-Za-z0-9]{53} - matches the salt and the hash, with the salt making up the first 22 characters, and the hashed password making up the last 31
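
An added example (not from any of the answers above): a Python scan that applies the strict pattern from answer #3 to free text, such as a database export, and contrasts it with the looser pattern from answer #2. The sample rows are constructed, the function names are hypothetical, and the two-digit cost is an assumption based on how bcrypt implementations write that field.

```python
import re

# Unanchored form of the strictest pattern on this page, so it can scan
# free text: the lookarounds stop it matching inside a longer token.
# Assumption: the cost is always written as two zero-padded digits.
BCRYPT_RE = re.compile(
    r"(?<![./A-Za-z0-9$])"
    r"\$(2[aby]?)\$(\d{2})\$"
    r"([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})"
    r"(?![./A-Za-z0-9])"
)
LOOSE_RE = re.compile(r"^\$2[ayb]\$.{56}$")  # pattern from answer #2

def find_bcrypt_hashes(text):
    """Return the parsed fields of every well-formed bcrypt hash in text."""
    found = []
    for m in BCRYPT_RE.finditer(text):
        version, cost, salt, digest = m.groups()
        if 4 <= int(cost) <= 31:  # the regex alone cannot enforce 4..31
            found.append({"hash": m.group(0), "version": version,
                          "cost": int(cost), "salt": salt, "digest": digest})
    return found

# Constructed sample rows. The first hash is the example from the question;
# the others reuse its 53-character body with different prefixes.
BODY = "nK/B6u765645/lo0867h56546v/BnH5U5g45Aj67u67nMVtrhryt6"
SAMPLE = "\n".join([
    "1,alice,$2y$15$" + BODY,
    "2,bob,$2b$12$" + BODY + ",active",
    "3,carol,$2y$99$" + BODY,            # cost out of range
    "4,dave,$2y$10$" + BODY[:-1] + "!",  # '!' is not in the bcrypt alphabet
    "5,erin,$2y$10$" + BODY + "AAAA",    # too long to be a bcrypt hash
])

def loose_only(text):
    """Fields the loose pattern accepts but the strict scan rejects."""
    strict = {h["hash"] for h in find_bcrypt_hashes(text)}
    fields = [f for line in text.splitlines() for f in line.split(",")]
    return [f for f in fields if LOOSE_RE.match(f) and f not in strict]

if __name__ == "__main__":
    for h in find_bcrypt_hashes(SAMPLE):
        print(h["version"], h["cost"], h["salt"], h["digest"])
    print("accepted only by the loose pattern:", loose_only(SAMPLE))
```
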
