ASP.NET密码哈希函数 [英] ASP.NET Password Hash Functions
问题描述
我将使用第三方应用程序进行大部分操作.该应用程序允许我创建客户名/密码,以便通过该第三方供应商建立的预建网站进行在线访问.我想建立一个供客户使用的新站点,因为我们的应用程序随附的站点非常糟糕.但是,我不知道如何对密码进行哈希处理以匹配此应用程序中使用的哈希.我已经做了很多挖掘工作,并且我很确定供应商会使用用户定义的函数来对密码进行哈希处理.但是,我相信有多个不同的函数相互串联使用(不是肯定的,但是它们全部在数据库的用户定义函数中).是否有人熟悉Gleb Ufimtsev所拥有的功能,并称为ugAddMod32,ugBitsSet,ugInverse,ugLeftShift,ugRightShift,ugRotateLeft,ugSha1part_ft,ugsha1part_kt,ugSha1part_WordofStr,ugSha1str.
I use a 3rd party application for the bulk of our operation. This application allows me to create customer username/passwords for online access via a prebuilt website built by this 3rd party vendor. I want to build a new site for the customers to use because the site that was included with our application is terrible. However, I do not know how to hash the password to match the hash used in this application. I have been doing a lot of digging and I am pretty sure the vendor uses user defined functions to hash the passwords. However, there are multiple different functions that I believe are used in tandem with each other (Not positive, but they are all in the user defined functions in the database). Is there anyone familiar with the functions copyrighted by Gleb Ufimtsev, and called ugAddMod32, ugBitsSet, ugInverse, ugLeftShift, ugRightShift, ugRotateLeft, ugSha1part_ft, ugsha1part_kt, ugSha1part_WordofStr, ugSha1str.
我希望能够对这些函数的密码进行哈希处理,并将asp哈希与存储在数据库中的哈希进行比较.
I want to be able to hash the password from these functions and compare the asp hash to the hash stored in the database.
我试图将其尽可能地缩短.我正在将vs2005,.aspx和.vb文件一起使用.
I tried to shorten this as much as possible. I am using vs2005, .aspx, with .vb file.
如果需要,我可以添加这些功能.
I can include the funtions if needed.
我尝试使用内置函数vs2005来使用sha1和md5进行哈希处理,但没有将其哈希处理到与数据库中相同的输出.
I tried using vs2005 built in functions to hash using sha1 and md5 but neither hash to the same output as what is in my database.
我还尝试了许多站点,它们使用众所周知的哈希函数来匹配密码和哈希,超过100种方式,但都不匹配.这使我相信这是一种自定义哈希算法,就像我提到的功能一样.
I have also tried many sites to match passwords and hash with well know hash functions, over 100 ways, and none match. This leads me to believe that this is a custom hash algorithm like the functions i have mentioned.
谢谢
推荐答案
ASP.NET成员资格类将创建并验证哈希密码.需要使用盐来提高站点的安全性,因为如果密码具有不同的盐值,则相同的密码(很多人将使用密码")将不会具有相同的哈希值.
使用诸如SHA1和md5之类的加密算法使用安全密钥创建哈希.每个Web服务器(或Web场)将具有一个(唯一的)唯一密钥,因此,除非您可以获取旧站点的密钥并知道它们使用哪种算法,否则将无法创建或验证存储在该服务器上的密码.旧站点.
如果必须使用兼容的密码,建议您创建一个更好的前端,然后将所需的信息传递到旧站点.
The ASP.NET Membership class will create and verify hashed passwords. Using salts is required to increase the security of the site as the same password (a lot of people will use ''password'') will not have the same hash if it has a different salt value.
Hashes are created using a secure key using cryptographic algorithms such as SHA1 and md5. Each web-server ( or web farm ) will have a (hopefully) unique key, so unless you can get the old site''s key and know which algorithm they use, you will not be able to create or verify the passwords stored on the old site.
If you must use compatible passwords, I suggest you create a better front-end and then pass the required information to the old site.
如果我曾经使用过哈希,我也会在对哈希进行哈希处理之前,通过在末尾添加一个已知字符串来对字符串进行盐化.这降低了某人制定我正在做的事情的几率.是第三方dll .NET吗?如果是这样,请使用反射来确定其作用.我敢打赌,它使用内置算法并对哈希值加盐.
If I ever use a hash, I also salt the string, by adding a known string at the end before I hash it. This decreases the odds of someone working out what I am doing. Is the third party dll .NET ? If it is, use reflection to work out what it does. I bet it uses a built in algorithm and salts the hash.
这篇关于ASP.NET密码哈希函数的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
