模拟MySQL的密码()使用.NET加密或MS SQL [英] Simulating MySql's password() encryption using .NET or MS SQL
问题描述
我更新旧的ASP / MySQL的Web应用程序,以ASP.NET/MS SQL。
I'm updating an old ASP/MySql webapp to ASP.NET/MS SQL.
我们想保持登录从旧网站的新的应用程序工作。
We would like to keep the logins from the old website working in the new app.
不幸的是,密码使用MySQL的密码()函数存储在MySQL数据库。
Unfortunately the passwords were stored in the MySql DB using MySql's password() function.
是否可以模拟MySQL的密码()函数在任何.NET或 MS SQL?
Is it possible to simulate MySql's password() function in either .NET or MS SQL?
任何帮助/链接AP preciated。
Any help/links are appreciated.
推荐答案
据MySQL文档,该算法是一个双SHA1哈希值。当检查MySQL源代码code,你发现的libmysql / password.c一个函数调用make_scrambled_password()。功能定义如下:
According to MySQL documentation, the algorithm is a double SHA1 hash. When examining the MySQL source code, you find a function called make_scrambled_password() in libmysql/password.c. The function is defined as follows:
/*
MySQL 4.1.1 password hashing: SHA conversion (see RFC 2289, 3174) twice
applied to the password string, and then produced octet sequence is
converted to hex string.
The result of this function is used as return value from PASSWORD() and
is stored in the database.
SYNOPSIS
make_scrambled_password()
buf OUT buffer of size 2*SHA1_HASH_SIZE + 2 to store hex string
password IN NULL-terminated password string
*/
void
make_scrambled_password(char *to, const char *password)
{
SHA1_CONTEXT sha1_context;
uint8 hash_stage2[SHA1_HASH_SIZE];
mysql_sha1_reset(&sha1_context);
/* stage 1: hash password */
mysql_sha1_input(&sha1_context, (uint8 *) password, (uint) strlen(password));
mysql_sha1_result(&sha1_context, (uint8 *) to);
/* stage 2: hash stage1 output */
mysql_sha1_reset(&sha1_context);
mysql_sha1_input(&sha1_context, (uint8 *) to, SHA1_HASH_SIZE);
/* separate buffer is used to pass 'to' in octet2hex */
mysql_sha1_result(&sha1_context, hash_stage2);
/* convert hash_stage2 to hex string */
*to++= PVERSION41_CHAR;
octet2hex(to, (const char*) hash_stage2, SHA1_HASH_SIZE);
}
鉴于这种方法,您可以创建一个.NET版本,基本上做同样的事情。这是我想出来的。当我运行SELECT PASSWORD('测试');针对MySQL的我的本地副本,返回的值是:
Given this method, you can create a .NET counterpart that basically does the same thing. Here's what I've come up with. When I run SELECT PASSWORD('test'); against my local copy of MySQL, the value returned is:
* 94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29
据消息人士透露code(再次password.c),开始星号表示这是加密的密码后的MySQL 4.1的方法。当我模仿在VB.Net例如功能,这就是我想出了:
According to the source code (again in password.c), the beginning asterisk indicates that this is the post-MySQL 4.1 method of encrypting the password. When I emulate the functionality in VB.Net for example, this is what I come up with:
Public Function GenerateMySQLHash(ByVal strKey As String) As String
Dim keyArray As Byte() = Encoding.UTF8.GetBytes(strKey)
Dim enc = New SHA1Managed()
Dim encodedKey = enc.ComputeHash(enc.ComputeHash(keyArray))
Dim myBuilder As New StringBuilder(encodedKey.Length)
For Each b As Byte In encodedKey
myBuilder.Append(b.ToString("X2"))
Next
Return "*" & myBuilder.ToString()
End Function
请记住,SHA1Managed()是在System.Security.Cryptography命名空间。此方法返回作为MySQL的密码()调用相同的输出。我希望这可以帮助你。
Keep in mind that SHA1Managed() is in the System.Security.Cryptography namespace. This method returns the same output as the PASSWORD() call in MySQL. I hope this helps for you.
编辑:这是同样的code在C#
Here's the same code in C#
public string GenerateMySQLHash(string key)
{
byte[] keyArray = Encoding.UTF8.GetBytes(key);
SHA1Managed enc = new SHA1Managed();
byte[] encodedKey = enc.ComputeHash(enc.ComputeHash(keyArray));
StringBuilder myBuilder = new StringBuilder(encodedKey.Length);
foreach (byte b in encodedKey)
myBuilder.Append(b.ToString("X2"));
return "*" + myBuilder.ToString();
}
这篇关于模拟MySQL的密码()使用.NET加密或MS SQL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
