BCryptHelper.CheckPassword始终返回false [英] BCryptHelper.CheckPassword always returns false

问题描述

我实施使用BCrypt密码散列，这应该是pretty直截了当地使用。
然而，当密码是对哈希密码使用检查

I'm implementing password hashing using BCrypt, which should be pretty straight forward to use. However when the password is checked against the hashed password using

BCryptHelper.CheckPassword(Password, hashedDBPassword)

这始终返回false。

this always return false.

下面是我的散列器类：

public static class BCryptHasher
    {
        public static string EncryptPassword(string password)
        {
            var passwordToHash = password;
            var hashedPassword = BCryptHelper.HashPassword(passwordToHash, BCryptHelper.GenerateSalt(6));

            return hashedPassword;
        }

        public static bool CheckPasswordMatch(string userPassword, string hashedDBPassword)
        {
            return BCryptHelper.CheckPassword(userPassword, hashedDBPassword);
        }
    }

我已经调试检查密码，hashedPassword是正确的。
这个问题不是其他许多情况下存在，所以一定有什么东西我做错了。

I have debugged to check if the password and hashedPassword are correct. Not many other cases of this problem exist so there must be something I am doing wrong.

我发现了同样的问题在这里：<一href=\"http://stackoverflow.com/questions/6222268/asp-net-mvc-3-app-bcrypt-checkpassword-failing\">ASP.NET MVC 3应用程序，BCrypt.CheckPassword失败但没有解决方案已被发现呢。

I found the same question here: ASP.NET MVC 3 app, BCrypt.CheckPassword failing but no solution has been found yet.

也许还有其他更好的解决方案，为哈希？

Maybe there are other and better solutions for hashing?

感谢

推荐答案

也许问题是不是在哈希itselft，也许这是你存储在数据库中的口令和后记检索或类似的东西的方式。

Maybe the problem is not in the hashing itselft, maybe it's the way you store the password in the database and retrieve it afterwords or something like that.

第一步是编写单元测试来检查类的功能

First step I would take is to write a unit test to check the functionality of that class

[TestClass]
public class BCryptHasherTest
{
    [TestMethod]
    public void check_hashing_works_for_valid_password()
    {
        string password = "myDummyPassword!";
        string hashedPassword = BCryptHasher.EncryptPassword(password);

        var passwordsMatch = BCryptHasher.CheckPasswordMatch(password, hashedPassword);      
        Assert.IsTrue(passwordsMatch);
    }
}

如果此通过，问题是别的地方在你的code，所以你可以继续测试其他的东西，直到你找到了问题。

If this passes, the problem is somewhere else in your code, so you can go ahead and test for other things until you have found the issue.

这篇关于BCryptHelper.CheckPassword始终返回false的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！