.net 1.1和2.0中的MD5编码差异 [英] MD5 Encoding Differ in .net 1.1 and 2.0
问题描述
大家好,
最近,我正在开发扩展应用程序(.net 2.0)以生成密码,使用MD5加密密码,然后将其插入数据库中,以便在网站(.net 1.1平台)中进行客户端登录.
开发扩展程序后,我的一些用户报告说某些密码无法在网站上使用.
当我检查编码以进行加密时,发现了一些问题.
这是我加密方法的一部分.
公共 字符串 cryptoStr(字符串 strPassword)
{
MD5 md5 = 新 MD5CryptoServiceProvider();
字节 [] pwd = Encoding.Unicode.GetBytes(strPassword);
字符串 ePwd = Encoding.Unicode.GetString(md5.ComputeHash(pwd));
返回 ePwd;
}
如果只是在调试模式下运行,请输入密码,在Platform .net 1.1和2.0中,字符串值"ePwd"可能不会有所不同
再次使用"ePwd"转换为Byte [],您发现"pwd"与转换字节值不同.
^ ]是来自存在类似问题的人员的主题.是的,但您没有注意到它们没有像您一样将ComputeHash()方法的结果存储在string
中. .他们实际上将结果存储在byte[]
中,这是正确的.他们使用Convert.ToBase64String(hashResult);
返回一个字符串.
他们声称这样做在1.1和2.0之间没有区别.它们使用ASCII且使用Unicode编码这一事实与byte
数组没有任何区别.
您知道MD5被认为是破损的"并且不应使用,特别是密码?
并称为哈希",而不是编码".这两个词之间有很大的区别.
Hi All,
Recently, I''m deleveoping the extend application (.net 2.0) to generate the password, encrpyte the password using MD5 and insert it into Database for Client Login in Website(.net 1.1 Platform)
After developed the extend program, some of my user reported that some of the password cannot be using in website.
When I checked the coding for encryption, there''s some problem that I found.
Here''s my part of the encryption method.
public string encryptStr(string strPassword)
{
MD5 md5 = new MD5CryptoServiceProvider();
byte[] pwd = Encoding.Unicode.GetBytes(strPassword);
string ePwd = Encoding.Unicode.GetString(md5.ComputeHash(pwd));
return ePwd;
}
If you just run it in Debug Mode, input to Password " you may not find any differ for the String Value "ePwd" in Platform .net 1.1 and 2.0
Using "ePwd" Convert to Byte[] again, you finds that the "pwd" is not same as the Convert Byte Value.
Here[^] is a thread from someone having similar problems. Read through it to see if it provides any help.
Yes but did you not notice that they did not store the result of the ComputeHash() method in astring
, as you do. They actually store the result in abyte[]
, which is correct. They return a string by usingConvert.ToBase64String(hashResult);
.
In doing this they claim that there will be no difference between 1.1 and 2.0. The fact that they use ASCII and you use Unicode encodings should make no difference to an array ofbyte
.
Did you know that MD5 is considered "broken" and should not be used, especially for passwords?
And is called a "hash", not an "encoding". There is a vast difference between the two terms.
这篇关于.net 1.1和2.0中的MD5编码差异的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!