I am looking to find a bcrypt hash string using regex (in PowerGrep), in a database.
Tried this regex:
{?A-Za-z_0-9.{60}}?
But no match was found. A bcrypt hash is 60 characters long and starts with "$2y$".
Example:
$2y$15$nK/B6u765645/lo0867h56546v/BnH5U5g45Aj67u67nMVtrhryt6
3 solutions
#1
3
Your regex - {?A-Za-z_0-9.{60}}? - contains ranges not inside a character class [...], but inside optional curly braces, and thus they present sequences of literal characters. See your regex demo to see what I mean.
You can use the following regex:
^\$2y\$.{56}$
See demo
The ^ matches the start of string, \$2y\$ matches $2y$ literally (as $ is a special character and needs escaping) and .{56} is the remaining 56 characters.
#2
22
Just as an addition to the answer above from @stribizhev. The bcrypt hashes you might encounter out there in the wild come in a few varieties, so you may have to modify the regex to catch all of them. The variations are as follows:
The "Algorithm Identifier" portion of the hash may include:
- "2" - the first revision of BCrypt, which suffers from a minor security flaw and is generally not used anymore.
- "2a" - some implementations suffered from a very rare security flaw.
- "2y" - format specific to the crypt_blowfish BCrypt implementation, identical to "2a" in all but name.
- "2b" - latest revision of the official BCrypt algorithm
^\$2[ayb]\$.{56}$
seems to work for me
See here for the breakdown of a bcrypt hash: Can someone explain how BCrypt verifies a hash?
#3
2
Use this:
^\$2[aby]?\$\d{1,2}\$[.\/A-Za-z0-9]{53}$
Explanation:
- \$2[aby]?\$ - matches the algorithm used. Valid values are 2, 2a, 2y and 2b
- \d{1,2}\$ - matches the cost, or how many rounds, which is an integer between 4 and 31 (inclusive)
- [.\/A-Za-z0-9]{53} - matches the salt and the hash, with the salt making up the first 22 characters, and the hashed password making up the last 31
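An added example, not part of any answer above: a Python sketch that applies the pattern from answer #3 to rows of a database dump, using lookarounds instead of ^...$ so embedded hashes are found, and checking the 4 to 31 cost range that \d{1,2} alone does not enforce. The names `audit_bcrypt` and `SAMPLE_DUMP` and the `min_cost=10` policy threshold are assumptions; the sample rows are constructed, apart from the example hash quoted in the question.

```python
import re

# Pattern from answer #3, with two changes for scanning rows instead of whole
# strings: named groups, and lookarounds in place of ^...$ so a hash embedded
# in a longer line matches but a longer run of alphabet characters does not.
ALPHABET = r"[./A-Za-z0-9]"
BCRYPT_RE = re.compile(
    rf"(?<!{ALPHABET})\$(?P<version>2[aby]?)\$(?P<cost>\d{{1,2}})\$"
    rf"(?P<salt>{ALPHABET}{{22}})(?P<digest>{ALPHABET}{{31}})(?!{ALPHABET})"
)

def audit_bcrypt(text, min_cost=10):
    """Locate bcrypt-shaped strings; report position and flags, not the hash."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in BCRYPT_RE.finditer(line):
            cost = int(m.group("cost"))
            findings.append({
                "line": lineno,
                "column": m.start() + 1,
                "version": m.group("version"),
                "cost": cost,
                "valid_cost": 4 <= cost <= 31,   # range stated in answer #3
                "below_policy": cost < min_cost,  # min_cost is a hypothetical policy
            })
    return findings

# Constructed sample input: a 22-character salt and a 31-character digest
# drawn from the bcrypt alphabet, placed in SQL-dump-like rows.
_SALT = "abcdefghijklmnopqrstu."
_DIGEST = "ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123"
SAMPLE_DUMP = "\n".join([
    # Row 1 uses the example hash from the question.
    "INSERT INTO users VALUES (1,'alice','$2y$15$nK/B6u765645/lo0867h56546v/BnH5U5g45Aj67u67nMVtrhryt6');",
    f"INSERT INTO users VALUES (2,'bob','$2a$04${_SALT}{_DIGEST}');",      # cost below policy
    f"INSERT INTO users VALUES (3,'carol','$2b$99${_SALT}{_DIGEST}');",    # cost out of range
    f"INSERT INTO users VALUES (4,'dave','$2y$12${_SALT}{_DIGEST}x');",    # 54 chars: no match
    "INSERT INTO users VALUES (5,'erin','0123456789abcdef0123456789abcdef');",  # not bcrypt
])

if __name__ == "__main__":
    for finding in audit_bcrypt(SAMPLE_DUMP):
        print(finding)
```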