JavaScript:如何生成像C#这样的Rfc2898DeriveBytes? [英] JavaScript: How to generate Rfc2898DeriveBytes like C#?
问题描述
编辑:在评论中的每次讨论中,让我澄清一下,这将发生在SSL后面的服务器端。我不打算将散列密码或散列方案暴露给客户端。
Per discussion in the comments, let me clarify that this will be happening server side, behind SSL. I do not intend to expose the hashed password or the hashing scheme to the client.
假设我们有一个现有的asp.net身份数据库,其中包含默认表(aspnet_Users,aspnet_Roles等)。根据我的理解,密码哈希算法使用sha256并将salt +(哈希密码)存储为base64编码的字符串。 编辑:此假设不正确,请参阅下面的答案。
Assume we have an existing asp.net identity database with the default tables (aspnet_Users, aspnet_Roles, etc.). Based on my understanding, the password hashing algorithm uses sha256 and stores the salt + (hashed password) as a base64 encoded string. This assumption is incorrect, see answer below.
我想复制Microsoft的功能.AspNet.Identity.Crypto类具有JavaScript版本的 VerifyHashedPassword 功能。
I would like to replicate the function of the Microsoft.AspNet.Identity.Crypto class' VerifyHashedPassword function with a JavaScript version.
假设密码为 welcome1 且其asp.net哈希密码为 ADOEtXqGCnWCuuc5UOAVIvMVJWjANOA / LoVy0E4XCyUHIfJ7dfSY0Id + uJ20DTtG + A ==
Let's say that a password is welcome1 and its asp.net hashed password is ADOEtXqGCnWCuuc5UOAVIvMVJWjANOA/LoVy0E4XCyUHIfJ7dfSY0Id+uJ20DTtG+A==
到目前为止,我已经能够重现获取salt和存储子密钥的方法部分。
So far I have been able to reproduce the parts of the method that get the salt and the stored sub key.
C#实现或多或少地执行此操作:
Where the C# implementation does more or less this:
var salt = new byte[SaltSize];
Buffer.BlockCopy(hashedPasswordBytes, 1, salt, 0, SaltSize);
var storedSubkey = new byte[PBKDF2SubkeyLength];
Buffer.BlockCopy(hashedPasswordBytes, 1 + SaltSize, storedSubkey, 0, PBKDF2SubkeyLength);
我在JavaScript中有以下内容(任何方面都不优雅):
I have the following in JavaScript (not elegant by any stretch):
var hashedPwd = "ADOEtXqGCnWCuuc5UOAVIvMVJWjANOA/LoVy0E4XCyUHIfJ7dfSY0Id+uJ20DTtG+A==";
var hashedPasswordBytes = new Buffer(hashedPwd, 'base64');
var saltbytes = [];
var storedSubKeyBytes = [];
for(var i=1;i<hashedPasswordBytes.length;i++)
{
if(i > 0 && i <= 16)
{
saltbytes.push(hashedPasswordBytes[i]);
}
if(i > 0 && i >16) {
storedSubKeyBytes.push(hashedPasswordBytes[i]);
}
}
再次,它不漂亮,但在运行后这个片段saltbytes和storedSubKeyBytes匹配字节的字节,我在C#调试器中看到salt和storedSubkey。
Again, it ain't pretty, but after running this snippet the saltbytes and storedSubKeyBytes match byte for byte what I see in the C# debugger for salt and storedSubkey.
最后,在C#中,Rfc2898DeriveBytes的一个实例用于根据提供的salt和密码生成一个新的子键,如下所示:
Finally, in C#, an instance of Rfc2898DeriveBytes is used to generate a new subkey based on the salt and the password provided, like so:
byte[] generatedSubkey;
using (var deriveBytes = new Rfc2898DeriveBytes(password, salt, PBKDF2IterCount))
{
generatedSubkey = deriveBytes.GetBytes(PBKDF2SubkeyLength);
}
这就是我被困住的地方。我尝试过其他人的解决方案,例如这一个,我分别使用了Google和Node的CryptoJS和加密库,我的输出永远不会生成类似C#版本的东西。
This is where I'm stuck. I have tried others' solutions such as this one, I have used Google's and Node's CryptoJS and crypto libraries respectively, and my output never generates anything resembling the C# version.
(例如:
var output = crypto.pbkdf2Sync(new Buffer('welcome1', 'utf16le'),
new Buffer(parsedSaltString), 1000, 32, 'sha256');
console.log(output.toString('base64'))
生成LSJvaDM9u7pXRfIS7QDFnmBPvsaN2z7FMXURGHIuqdY =)
generates "LSJvaDM9u7pXRfIS7QDFnmBPvsaN2z7FMXURGHIuqdY=")
许多我在网上发现的指针表明涉及编码不匹配的问题(NodeJS / UTF-8与.NET / UTF-16LE),所以我尝试使用默认的.NET编码格式进行编码,但无济于事。
Many of the pointers I've found online indicate problems involving encoding mismatches (NodeJS / UTF-8 vs. .NET / UTF-16LE), so I've tried encoding using the default .NET encoding format but to no avail.
或者我认为这些库正在做的事情我可能完全错了。但是,正确方向的任何指针都会非常感激。
Or I could be completely wrong about what I assume these libraries are doing. But any pointers in the right direction would be much appreciated.
推荐答案
好的,我认为这个问题最终变得更加简单了比我做的更多(不是他们总是)。在 pbkdf2规范上执行RTFM操作后,我进行了一些并排测试使用Node crypto和.NET加密,并在解决方案上取得了相当不错的进展。
Ok, I think this problem ended up being quite a bit simpler than I was making it (aren't they always). After performing a RTFM operation on the pbkdf2 spec, I ran some side-by-side tests with Node crypto and .NET crypto, and have made pretty good progress on a solution.
以下JavaScript代码正确解析存储的salt和subkey,然后通过使用存储的salt对其进行散列来验证给定的密码。毫无疑问,更好/更清洁/更安全的调整,欢迎评论。
The following JavaScript code correctly parses the stored salt and subkey, then verifies the given password by hashing it with the stored salt. There are doubtless better / cleaner / more secure tweaks, so comments welcome.
// NodeJS implementation of crypto, I'm sure google's
// cryptoJS would work equally well.
var crypto = require('crypto');
// The value stored in [dbo].[AspNetUsers].[PasswordHash]
var hashedPwd = "ADOEtXqGCnWCuuc5UOAVIvMVJWjANOA/LoVy0E4XCyUHIfJ7dfSY0Id+uJ20DTtG+A==";
var hashedPasswordBytes = new Buffer(hashedPwd, 'base64');
var hexChar = ["0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "A", "B", "C", "D", "E", "F"];
var saltString = "";
var storedSubKeyString = "";
// build strings of octets for the salt and the stored key
for (var i = 1; i < hashedPasswordBytes.length; i++) {
if (i > 0 && i <= 16) {
saltString += hexChar[(hashedPasswordBytes[i] >> 4) & 0x0f] + hexChar[hashedPasswordBytes[i] & 0x0f]
}
if (i > 0 && i > 16) {
storedSubKeyString += hexChar[(hashedPasswordBytes[i] >> 4) & 0x0f] + hexChar[hashedPasswordBytes[i] & 0x0f];
}
}
// password provided by the user
var password = 'welcome1';
// TODO remove debug - logging passwords in prod is considered
// tasteless for some odd reason
console.log('cleartext: ' + password);
console.log('saltString: ' + saltString);
console.log('storedSubKeyString: ' + storedSubKeyString);
// This is where the magic happens.
// If you are doing your own hashing, you can (and maybe should)
// perform more iterations of applying the salt and perhaps
// use a stronger hash than sha1, but if you want it to work
// with the [as of 2015] Microsoft Identity framework, keep
// these settings.
var nodeCrypto = crypto.pbkdf2Sync(new Buffer(password), new Buffer(saltString, 'hex'), 1000, 256, 'sha1');
// get a hex string of the derived bytes
var derivedKeyOctets = nodeCrypto.toString('hex').toUpperCase();
console.log("hex of derived key octets: " + derivedKeyOctets);
// The first 64 bytes of the derived key should
// match the stored sub key
if (derivedKeyOctets.indexOf(storedSubKeyString) === 0) {
console.info("passwords match!");
} else {
console.warn("passwords DO NOT match!");
}
这篇关于JavaScript:如何生成像C#这样的Rfc2898DeriveBytes?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!