How to decrypt the encrypted password in database for login?


Problem description

I want to do login using username and password. I want to decrypt the password in the database to match it with the password keyed in. If the keyed-in password is the same as the password in the database, it will log in to the system. But my decrypt function did not return the exact password like the keyed-in password. For example, my database password is 'gZ+c6cHMVSz+HwCjIZOLpw==', which is 1234, and my keyed-in password is '1234'. I run the application, then try to key in the username and password '1234', but the decrypt function returns '찚\ufae2懸⋕Ṻ竛腄'. Can you help me or correct me where I'm wrong?

What I have tried:

This is what I have done:

protected void Unnamed_Click(object sender, EventArgs e)
{
    using (MySqlConnection con = new MySqlConnection(connStr))
    {
        using (MySqlCommand cmd = new MySqlCommand("SELECT user_id, username, password FROM users WHERE username = @username"))
        {
            cmd.Parameters.AddWithValue("@username", txtUsername.Text.Trim());
            cmd.Connection = con;

            string pwd1 = txtPassword.Text;

            MySqlDataReader dr;
            con.Open();
            dr = cmd.ExecuteReader();

            if (dr.Read())
            {
                string id = dr["user_id"].ToString();
                string dbUsername = dr["username"].ToString();
                string dbPwd = dr["password"].ToString();

                string pwd = Decrypt(dbPwd);

                if (pwd == pwd1)
                {
                    Response.Redirect("~/dashboard.aspx");
                }
                else
                {
                    ScriptManager.RegisterClientScriptBlock(this, this.GetType(), "alertMessage", "alert('Invalid Username and Password.');", true);
                    Response.Redirect("login.aspx");
                }
            }
            else
            {
                ScriptManager.RegisterClientScriptBlock(this, this.GetType(), "alertMessage", "alert('Invalid Username and Password.');", true);
                Response.Redirect("login.aspx");
            }
            // The connection is closed when the using block ends.
        }
    }
    Response.Redirect(Request.Url.AbsoluteUri);
}

private string Decrypt(string cipherText)
{
    string EncryptionKey = "MAKV2SPBNI99212";
    byte[] cipherBytes = Convert.FromBase64String(cipherText);
    using (Aes encryptor = Aes.Create())
    {
        Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(EncryptionKey, new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });
        encryptor.Mode = CipherMode.CBC;
        encryptor.Padding = PaddingMode.Zeros;
        encryptor.FeedbackSize = 128;
        encryptor.Key = pdb.GetBytes(32);
        encryptor.IV = pdb.GetBytes(16);

        using (MemoryStream ms = new MemoryStream())
        {
            using (CryptoStream cs = new CryptoStream(ms, encryptor.CreateDecryptor(), CryptoStreamMode.Write))
            {
                cs.Write(cipherBytes, 0, cipherBytes.Length);
                cs.Close();
            }
            cipherText = Encoding.Unicode.GetString(ms.ToArray());
        }
    }
    return cipherText;
}

Updated question:

This is how I compare the hashes, but it says 'Invalid salt'.

using (MySqlConnection con = new MySqlConnection(connStr))
{
    using (MySqlCommand cmd = new MySqlCommand("SELECT user_id, username, password FROM users WHERE username = @username"))
    {
        cmd.Parameters.AddWithValue("@username", txtUsername.Text.Trim());
        cmd.Connection = con;

        string pwd1 = txtPassword.Text;

        MySqlDataReader dr;
        con.Open();
        dr = cmd.ExecuteReader();

        if (dr.Read())
        {
            string id = dr["user_id"].ToString();
            string dbUsername = dr["username"].ToString();
            string dbPwd = dr["password"].ToString();

            //string pwd = Decrypt(dbPwd);

            bool result = verifyPassword(dbPwd, pwd1);

            if (result) // if verifyPassword returned true
            {
                Response.Redirect("~/dashboard.aspx");
            }
            else
            {
                ScriptManager.RegisterClientScriptBlock(this, this.GetType(), "alertMessage", "alert('Invalid Username and Password.');", true);
                Response.Redirect("login.aspx");
            }
        }
        else
        {
            ScriptManager.RegisterClientScriptBlock(this, this.GetType(), "alertMessage", "alert('Invalid Username and Password.');", true);
            Response.Redirect("login.aspx");
        }
        // The connection is closed when the using block ends.
    }
}

private bool verifyPassword(string dbPwd, string pwd1)
{
    bool result = false;
    byte[] data = Encoding.Unicode.GetBytes(pwd1);

    string salt = dbPwd.Substring(0, 24);
    string hash_pwd = Crypter.Blowfish.Crypt(data, salt);

    if (dbPwd == hash_pwd)
    {
        result = true;
    }
    return result;
}

Recommended answer

The answer is you can't; it's a calculated hash and is not reversible. Read the answers to the same question asked here: Decryption of Encrypted Password

