如何解密该密码? [英] How to decrypt this password?

问题描述

namespace Mansoft.Framework.Security
{
    /// <summary>
    /// Provides static methods for generating hash of password and changing password.
    /// </summary>
    public class PasswordManager
    {
        public const string HASHPROVIDERNAME = "SHA1Managed";

        public static string GetHash(string passwordToHash)
        {
            return Cryptographer.CreateHash(HASHPROVIDERNAME, passwordToHash);
        }

        public static bool CompareHash(string textPassword, string passwordHash)
        {
            return Cryptographer.CompareHash(HASHPROVIDERNAME, textPassword, passwordHash);
        }

        public static string GetHashPassword(string passwordToHash, string saltString)
        {
            return ComputeHash(HASHPROVIDERNAME, passwordToHash, saltString);
        }

        public static bool CompareHashedPassword(string textPassword, string passwordHash, string saltString)
        {
            return VerifyHash(HASHPROVIDERNAME, textPassword, passwordHash, saltString);
        }

        public static string GetSalt(int length)
        {
            byte[] randomArray = new byte[length];
            string saltString;
            //Create random salt and convert to string
            RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
            rng.GetNonZeroBytes(randomArray);
            saltString = Convert.ToBase64String(randomArray);
            return saltString;

        }

        private static string ComputeHash(string hashAlgorithm, string plainText, string saltString)
        {
            // If salt is not specified, generate it on the fly.
            byte[] saltBytes = null;
            saltBytes = Encoding.UTF8.GetBytes(saltString);
            if (saltBytes == null)
            {
                // Define min and max salt sizes.
                int minSaltSize = 4;
                int maxSaltSize = 8;

                // Generate a random number for the size of the salt.
                Random random = new Random();
                int saltSize = random.Next(minSaltSize, maxSaltSize);

                // Allocate a byte array, which will hold the salt.
                saltBytes = new byte[saltSize];

                // Initialize a random number generator.
                RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();

                // Fill the salt with cryptographically strong byte values.
                rng.GetNonZeroBytes(saltBytes);
            }

            byte[] plainTextBytes = Encoding.UTF8.GetBytes(plainText); // Convert plain text into a byte array.

            byte[] plainTextWithSaltBytes = new byte[plainTextBytes.Length + saltBytes.Length]; // Allocate array, which will hold plain text and salt.
           
            for (int i = 0; i < plainTextBytes.Length; i++)
                plainTextWithSaltBytes[i] = plainTextBytes[i];  // Copy plain text bytes into resulting array.
            
            for (int i = 0; i < saltBytes.Length; i++)
                plainTextWithSaltBytes[plainTextBytes.Length + i] = saltBytes[i]; // Append salt bytes to the resulting array.

            HashAlgorithm hash;

            // Make sure hashing algorithm name is specified.
            if (hashAlgorithm == null)
                hashAlgorithm = "";
            
            switch (hashAlgorithm.ToUpper())
            {
                case "SHA1Managed":
                    hash = new SHA1Managed(); // Initialize appropriate hashing algorithm class.
                    break;
                default:
                    hash = new MD5CryptoServiceProvider();
                    break;
            }

            byte[] hashBytes = hash.ComputeHash(plainTextWithSaltBytes); // Compute hash value of our plain text with appended salt.

            byte[] hashWithSaltBytes = new byte[hashBytes.Length + saltBytes.Length];  // Create array which will hold hash and original salt bytes.
                       
            for (int i = 0; i < hashBytes.Length; i++)
                hashWithSaltBytes[i] = hashBytes[i];  // Copy hash bytes into resulting array.
            
            for (int i = 0; i < saltBytes.Length; i++)
                hashWithSaltBytes[hashBytes.Length + i] = saltBytes[i]; // Append salt bytes to the result.

            string hashValue = Convert.ToBase64String(hashWithSaltBytes); // Convert result into a base64-encoded string.

            return hashValue;
        }

        private static bool VerifyHash(string hashAlgorithm, string plainText, string hashValue, string saltString)
        {
            string expectedHashString = ComputeHash(hashAlgorithm, plainText, saltString); // Compute a new hash string.

            return (hashValue == expectedHashString);
        }


    }
}

推荐答案

您不能.这就是盐化哈希的全部要点.您可以验证密码，但不能向后找回密码.

彼得

You can''t. That is the whole pointed of salted hashing. You can verify a password, but you can''t work backwards to retrieve the password.

Peter

您不能.

SHA不是加密算法，而是一种哈希算法.
区别在于加密可以逆向执行，散列不能-恰恰是为什么散列用于存储密码而不是加密的原因.

You can''t.

SHA is not an encryption algorithm - it is a hashing algorithm.
The difference is that encryption can be reversed, hashing can''t - that is exactly why hashing is used for password storage instead of encryption.

请参阅解决方案1和解决方案. 3昨天在类似主题上发布:解密加密密码 [ ^ ]

See Solution 1 & 3 posted yesterday on similar topic: Decryption of Encrypted Password[^]

这篇关于如何解密该密码?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！