经典asp和ASP.NET之间的密码加密/解密 [英] Password encryption/decryption between classic asp and ASP.NET

问题描述

我有2个网站：一个是用经典的asp写的，另一个是用ASP.NET写的（1.1框架）。这两个应用程序都使用登录机制根据共享数据库表验证用户凭据。到目前为止，密码存储在单向MD5哈希中，这意味着如果他们失去旧密码，则必须给予新的生成的密码。

I have 2 websites: one written in classic asp and another written in ASP.NET (1.1 framework). Both applications use a login mechanism to validate user credentials based on a shared database table. Up to now passwords are stored in a 1-way MD5 hash, meaning people must be given a new generated password if they lose the old one. I now want to change this and make the passwords decryptable.

我发现这个Rijndael代码可以与经典的asp一起使用：
http://www.frez.co.uk/freecode.htm#rijndael

I found this Rijndael code to use with classic asp: http://www.frez.co.uk/freecode.htm#rijndael

但是我找不到相同的ASP.NET解决方案。我试过这个，但它给我不同的加密和解密结果之间经典的asp和ASP.NET代码：

But I cannot find the same solution for ASP.NET. I tried this, but it gives me different encryption and decryption results between the classic asp and ASP.NET code:

        If Not String.IsNullOrEmpty(TextBox1.Text) And Not String.IsNullOrEmpty(TextBox2.Text) Then

        Dim password = TextBox1.Text
        Dim key = TextBox2.Text

        Dim keyGenerator = New Rfc2898DeriveBytes(key, 8)
        Dim r = New RijndaelManaged

        r.Mode = CipherMode.CBC
        r.Padding = PaddingMode.Zeros
        r.BlockSize = 256
        r.KeySize = 256
        r.FeedbackSize = 256

        r.IV = keyGenerator.GetBytes(CType(r.BlockSize / 8, Integer))
        r.Key = keyGenerator.GetBytes(CType(r.KeySize / 8, Integer))

        Dim transform As ICryptoTransform = r.CreateEncryptor()

        Dim encoded As Byte() = Encoding.ASCII.GetBytes(password)
        Dim target As Byte() = transform.TransformFinalBlock(encoded, 0, encoded.Length)

        TextBox3.Text = Encoding.ASCII.GetString(target)

    End If

推荐答案

我快速地看了一下经典的asp文件，它没有提到使用的块模式，而.net代码指定CBC模式和填充。此外，经典的实现状态：

I had a quick look at the classic asp files and it doesn't mention the block mode used, whereas your .net code specifies CBC mode and also the padding. Further the classic implementation states:

'2001年4月3日：添加到
底部的函数用于加密/解密大
'数组数组。
数组的整个长度作为第一个
四个字节插入到加密前的结果字节
数组的
第一个块的前面。

' 3-Apr-2001: Functions added to the bottom for encrypting/decrypting large ' arrays of data. The entire length of the array is inserted as the first four ' bytes onto the front of the first block of the resultant byte array before ' encryption.

如果你正在使用这些函数，那么你的加密大小字节也。

Are you using those functions, if you are then your encrypting the size bytes too.

请放心.net加密运作良好，我猜你的问题是在你发现的经典解决方案。如果我在你的位置，我会开始简化的东西，只是加密每个方法的单个块，然后从那里扩展...好运气

Be assured the .net encryption works well, I'd guess your problem is in the classic solution you've found. If I were in your position I'd start by simplifying things and just encrypt a single block with each method and then expand from there... good luck

这篇关于经典asp和ASP.NET之间的密码加密/解密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！