
Understanding Liferay Password Encryption

Published 2019-07-22 13:43

Question:

About password encryption in Liferay, I found out that Liferay uses the PBKDF2WithHmacSHA1/160/128000 algorithm by default, which generates 160-bit hashes using 128,000 rounds.

And I can use the following types by applying them in my portal-ext.properties file:

#passwords.encryption.algorithm=BCRYPT/10
#passwords.encryption.algorithm=MD2
#passwords.encryption.algorithm=MD5
#passwords.encryption.algorithm=NONE
#passwords.encryption.algorithm=PBKDF2WithHmacSHA1/160/128000
#passwords.encryption.algorithm=SHA
#passwords.encryption.algorithm=SHA-256
#passwords.encryption.algorithm=SHA-384
#passwords.encryption.algorithm=SSHA
#passwords.encryption.algorithm=UFC-CRYPT

With the default type "PBKDF2WithHmacSHA1/160/128000", I found that every password is generated starting with the prefix "AAAAoAAB9A", like: "AAAAoAAB9ACpjEM1K54bHX0UMY+3AgeAX3n50ZGERRK6MpxC"

I need to know why every password starts with this prefix when using the mentioned algorithm.

Using another algorithm, "BCRYPT/10", I found out that my passwords start with "$2a$10", like: "$2a$10$Xyx.o1kv1mIr8rtpr9sxwOP6AC9I/u7tAIlyfrzp8Vlqcek/CGdQ"

Somehow I figured out that the "10" in "$2a$10" means the password is hashed with a salt using 10 rounds. Is this correct, or am I getting it wrong?

Answer 1:

Liferay uses PBKDF2WithHmacSHA1/160/128000 by default. The encrypted password is a combination of the bytes of "key size, number of rounds, salt and secret key bytes", placed in that order in a byte buffer and then Base64-encoded as a whole.

So the reason there is a prefix "AAAAoAAB9A" in "AAAAoAAB9ACpjEM1K54bHX0UMY+3AgeAX3n50ZGERRK6MpxC" is that it is the combination of key size and number of rounds (i.e. 160/128000) in the byte buffer, which is encoded as a whole into Base64. If you change the key size and number of rounds, you will come up with a different prefix.


Answer 2:

Let's take your example: "AAAAoAAB9ACpjEM1K54bHX0UMY+3AgeAX3n50ZGERRK6MpxC"

Decode it from Base64 to hex: "000000a0 0001f400 a98c4335 2b9e1b1d 7d14318f b7020780 5f79f9d1 91844512 ba329c42"

Convert 000000a0 from hex to decimal: you get 160, which is the key size.

Convert 0001f400 from hex to decimal: you get 128000, which is the number of iterations.

a98c4335 2b9e1b1d is your salt.

7d14318f b7020780 5f79f9d1 91844512 ba329c42 is the hashed password.
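The decoding Answer 2 does by hand, written out as an added Python example (not Liferay's own code): it splits the stored string into header, salt and derived key, shows why the first ten Base64 characters are fixed by the header alone, and verifies a candidate password with a constant-time comparison. The big-endian field order and the 8-byte salt length are assumptions read off the example string in the question; the password used for the round trip is constructed here.

```python
import base64
import hashlib
import hmac
import os
import struct

# Hash string quoted in the question; the layout below (big-endian key size,
# big-endian round count, salt, derived key) is the one Answer 2 decodes by hand.
EXAMPLE_HASH = "AAAAoAAB9ACpjEM1K54bHX0UMY+3AgeAX3n50ZGERRK6MpxC"
SALT_LEN = 8  # salt length observed in the example (assumed when encoding)

def parse_liferay_pbkdf2(encoded):
    """Split a Liferay PBKDF2WithHmacSHA1 password string into its fields."""
    raw = base64.b64decode(encoded)
    key_size_bits, rounds = struct.unpack(">II", raw[:8])
    digest_len = key_size_bits // 8
    if digest_len == 0 or len(raw) <= 8 + digest_len:
        raise ValueError("malformed hash: no room for salt and derived key")
    # Whatever sits between the 8-byte header and the derived key is the salt.
    return {"key_size": key_size_bits, "rounds": rounds,
            "salt": raw[8:-digest_len], "hash": raw[-digest_len:]}

def fixed_prefix(key_size_bits, rounds):
    """Base64 text covered entirely by the 8-byte header (64 bits = 10 full
    sextets): identical for every user until key size or rounds change."""
    header = struct.pack(">II", key_size_bits, rounds)
    return base64.b64encode(header).decode("ascii")[:10]

def derive(password, salt, rounds, key_size_bits):
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, rounds,
                               key_size_bits // 8)

def encode_liferay_pbkdf2(password, key_size_bits=160, rounds=128000, salt=None):
    """Produce a string in the same layout, so the parser can be round-tripped."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    digest = derive(password, salt, rounds, key_size_bits)
    blob = struct.pack(">II", key_size_bits, rounds) + salt + digest
    return base64.b64encode(blob).decode("ascii")

def verify(password, encoded):
    """Recompute PBKDF2 with the stored parameters; compare in constant time."""
    f = parse_liferay_pbkdf2(encoded)
    candidate = derive(password, f["salt"], f["rounds"], f["key_size"])
    return hmac.compare_digest(candidate, f["hash"])

if __name__ == "__main__":
    f = parse_liferay_pbkdf2(EXAMPLE_HASH)
    print(f["key_size"], f["rounds"], f["salt"].hex(), f["hash"].hex())
    fresh = encode_liferay_pbkdf2("constructed-sample", salt=b"\x01" * SALT_LEN)
    print(fresh[:10] == fixed_prefix(160, 128000), verify("constructed-sample", fresh))
```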