当使用sha512和salt进行数据库哈希密码时,如何将数据库中的密码与输入用户密码进行比较 [英] how compare password from database with input user password when password in database hash with sha512 and salt

查看:73
本文介绍了当使用sha512和salt进行数据库哈希密码时,如何将数据库中的密码与输入用户密码进行比较的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

当数据库哈希中的密码与sha512和salt进行密码时,如何将数据库中的密码与输入用户密码进行比较?



这是我的代码并且不起作用:



 使用 System.Collections.Generic; 
 使用 System.Linq; 
 使用 System.Web; 
 使用 System.Configuration; 
 使用 System.Data; 
 使用 System.Data.Sql; 
 使用 System.Data.SqlClient; 
 使用 System.Security.Cryptography; 
 使用 System.Web.Security; 
 
 
 
 
  public   partial   class  Default2:System.Web.UI.Page 
 {
 SqlConnection Conn =  new  SqlConnection(ConfigurationManager.ConnectionStrin gs [  conn]。ConnectionString); 
 
 
 
 受保护  void  Page_Load( object  sender,EventArgs e)
 {
 Button1.Click + = Fire; 
 
} 
 
  private   void  Fire(< span class =code-keyword> object  sender,EventArgs e)
 {
  int  num =  1000 ; 
  string  salt = CreateSalt(num); 
  string  saltpwd =  string  .Concat(salt,TextBox2.Text); 
 CreatePasswordHash(saltpwd); 
 
  string  str =  string  .Empty; 
  if (Conn.State == ConnectionState.Closed)
 Conn.Open(); 
 SqlCommand Cmd =  new  SqlCommand(  SELECT * FROM Users WHERE(usr_UserName = @ FUserName)); 
 Cmd.Parameters.AddWithValue(  @ FUserName,TextBox1.Text.Trim() ); 
 Cmd.Connection = Conn; 
 SqlDataReader reader = Cmd.ExecuteReader(); 
 reader.Read(); 
  if (reader.HasRows)
 {
  if (! reader.IsDBNull(reader.GetOrdinal(  usr_Password)))
 {
 str = reader.GetString(reader.GetOrdinal(  usr_Password)); 
} 
 
} 
 
  int  result =  string  .Compare(CreatePasswordHash(saltpwd).Trim(),str, true ); 
  if (result ==  0 
 {
 Label1。 Text =   Good; 
} 
  else  
 {
 Label1.Text =   Bad; 
} 
} 
 
 
 私人  string  CreateSalt( int  size)
 {
 RNGCryptoServiceProvider rng =  new  RNGCryptoServiceProvider( ); 
  byte  [] buff =  new   byte < /跨度> [大小]; 
 rng.GetBytes(buff); 
  return  Convert.ToBase64String(buff); 
 
} 
 
  private   string  CreateSalt1(< span class =code-keyword> int  size)
 {
 RNGCryptoServiceProvider rng =  new  RNGCryptoServiceProvider(); 
  byte  [] buff =  new   byte < /跨度> [大小]; 
 rng.GetBytes(buff); 
  return  Convert.ToBase64String(buff); 
 
} 
 
  private   string  CreatePasswordHash(< span class =code-keyword> string  pwd)
 {
  byte  [] Data = System.Text.UTF8Encoding。 UTF8.GetBytes(PWD); 
 SHA512Managed sha =  new  SHA512Managed(); 
  byte  [] HashValue = sha.ComputeHash(Data); 
  string  result =  string  .Empty; 
 
  foreach  var  h  in  HashValue)
 result + =  string  .Format(  {0:X},h); 
 
 返回结果; 
} 
 
 
 
 
 受保护  void  Button2_Click( object  sender,EventArgs e)
 {
 
}

解决方案

您好,

当用户第一次输入密码时,您需要加密密码并将其存储在数据库中。



当用户访问应用程序时,您完全像以前一样加密密码并检查存储的加密密码。



如果密码相同,加密相同,加密值应该匹配。



如果盐是伪随机的,因为盐每次都会改变,沿着加密密码将salt保存在db中。那些破解你系统的人不会知道每个用户都有盐。





问候

Jegan


您好,



您还需要将盐存储在数据库中。例如,来自Apache Httpd服务器的htpasswd.exe将salt存储为前两个字符(如果是crypt)&作为前八个字符(在md5的情况下),在散列密码本身中。



在您的情况下,您也可以采用类似的策略。您的存储密码可以生成如下所示

  string  salt = CreateSalt(num); 
  string  saltpwd =  String  .Concat(salt,TextBox2.Text); 
  string  strPwdHash =  String  .concat(


,salt,

how compare password from database with input user password when password in database hash with sha512 and salt?

thi is my code and dont work:

using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Configuration;
using System.Data;
using System.Data.Sql;
using System.Data.SqlClient;
using System.Security.Cryptography;
using System.Web.Security;
 
 
     
 
public partial class Default2 : System.Web.UI.Page
{
    SqlConnection Conn = new SqlConnection(ConfigurationManager.ConnectionStrin  gs["conn"].ConnectionString);
 
 
 
    protected void Page_Load(object sender, EventArgs e)
    {
        Button1.Click += Fire;
 
    }
 
    private void Fire(object sender, EventArgs e)
    {
        int num = 1000;
        string salt = CreateSalt(num);
        string saltpwd = string.Concat(salt, TextBox2.Text);
        CreatePasswordHash(saltpwd);
 
         string str = string.Empty;
              if (Conn.State == ConnectionState.Closed)
                  Conn.Open();
            SqlCommand  Cmd = new SqlCommand("SELECT * FROM Users WHERE  (usr_UserName=@FUserName) ");
              Cmd.Parameters.AddWithValue("@FUserName", TextBox1.Text.Trim());
              Cmd.Connection = Conn;
              SqlDataReader reader = Cmd.ExecuteReader();
              reader.Read();
              if (reader.HasRows)
              {
                  if (!reader.IsDBNull(reader.GetOrdinal("usr_Password"  )))
                  {
                     str = reader.GetString(reader.GetOrdinal("usr_Password")  );
                  }
    
             }
 
              int result = string.Compare(CreatePasswordHash(saltpwd).Trim(), str, true);
               if (result == 0)
                  {
                      Label1.Text = "Good";
                  }
             else
                 {
                     Label1.Text = "Bad";
                 }
    }
 
 
    private string CreateSalt(int size)
    {
        RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
        byte[] buff = new byte[size];
        rng.GetBytes(buff);
        return Convert.ToBase64String(buff);
 
    }
 
    private string CreateSalt1(int size)
    {
        RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
        byte[] buff = new byte[size];
        rng.GetBytes(buff);
        return Convert.ToBase64String(buff);
 
    }
 
    private string CreatePasswordHash(string pwd)
    {
        byte[] Data = System.Text.UTF8Encoding.UTF8.GetBytes(pwd);
        SHA512Managed sha = new SHA512Managed();
        byte[] HashValue = sha.ComputeHash(Data);
        string result = string.Empty;
 
        foreach (var h in HashValue)
            result += string.Format("{0:X}", h);
 
        return result;
    }
 
  
 
 
    protected void Button2_Click(object sender, EventArgs e)
    {
        
    }

解决方案

Hi,
When the first time the user enters the password, you encrypt them and store them in the database.

When the user access the application, you encrypt the password exactly as before and check against the stored encrypted password.

If the password is same, and the encryption is same then the encrypted values should match.

if in case the salt is pseudo random, as the salt will change each time, keep the salt in the db along the encrypted password. those who hack your system wouldn''t know that you have a salt for each user.


Regards
Jegan


Hello,

You need to store the salt as well in the database. For example the htpasswd.exe from Apache Httpd server stores the salt as first two character (in case of crypt) & as first eight characters (ini case of md5), in the hashed pasword itself.

In your case also you can adopt similar strategy. Your stored password could be generated as shown below

string salt = CreateSalt(num);
string saltpwd = String.Concat(salt, TextBox2.Text);
string strPwdHash = String.concat("


", salt, "


这篇关于当使用sha512和salt进行数据库哈希密码时,如何将数据库中的密码与输入用户密码进行比较的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
其他开发语言最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆