How to reproduce ASP.NET MVC 4 password hash


Question

How to reproduce ASP.NET MVC 4 password hash, produced by the built-in membership system?

Example:
Input: loz123
Output: APeJ4h0M4h7OFz91WwmJUjFfI2Daiq5xaUaZzcevoyWfkPZ3SYFJ48F+YzNrBNvaJA==
The "Salt" field in database is empty.

I am transferring data from one database to another. In the source database passwords are stored as plain text. In the destination database, the passwords should be stored as hashes generated by ASP.NET Membership system. I know the hashing is something about using SHA1 algorithm and base64 encoding, but I can't get the correct outputs. It would be convenient if there was a built-in function in MS SQL Server, so that a query such as the following could be executed:

SELECT Username, Hash(Password) FROM Users

Recommended answer

This may help you to get to the right algorithm:

http://msdn.microsoft.com/en-us/library/system.web.security.sqlmembershipprovider.passwordformat.aspx

You will have to check your specific settings.

Summary from MSDN:

The SQL Server membership provider supports Clear, Encrypted, and Hashed password formats. Clear passwords are stored in plain text, which improves the performance of password storage and retrieval but is less secure, as passwords are easily read if your SQL Server database is compromised. Encrypted passwords are encrypted when stored and can be decrypted for password comparison or password retrieval. This requires additional processing for password storage and retrieval, but is more secure, as passwords cannot easily be determined if the SQL Server database is compromised. Hashed passwords are hashed using a one-way hash algorithm and a randomly generated salt value when stored in the database. When a password is validated, it is hashed with the salt value in the database for verification. Hashed passwords cannot be retrieved.

The PasswordFormat value is specified in the providers section of the Web.config file for the ASP.NET application.

Encrypted and Hashed passwords are encrypted or hashed by default based on information supplied in the machineKey element in your configuration. Note that if you specify a value of 3DES for the validation attribute, or if no value is specified, hashed passwords will be hashed using the SHA1 algorithm.

A custom hash algorithm can be defined using the hashAlgorithmType attribute of the membership Element (ASP.NET Settings Schema) configuration element. If you choose encryption, default password encryption uses AES. You can change the encryption algorithm by setting the decryption attribute of the machineKey configuration element. If you are encrypting passwords, you must provide an explicit value for the decryptionKey attribute in the machineKey element. The default value of AutoGenerate for the decryptionKey attribute is not supported when using encrypted passwords with ASP.NET Membership.
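
Added example (not part of the original answer and not Microsoft's code): the question's sample decodes to 49 bytes starting with 0x00, which fits the layout of System.Web.Helpers.Crypto.HashPassword (used by SimpleMembership) rather than the 20-byte SHA1 output of SqlMembershipProvider's Hashed format. The Python sketch below assumes those two layouts (PBKDF2-HMAC-SHA1 with 1000 iterations, 16-byte salt and 32-byte subkey; SHA1 over salt plus UTF-16LE password); all function names are hypothetical.

```python
import base64
import hashlib
import hmac
import os

# Assumed layout (System.Web.Helpers.Crypto.HashPassword):
#   0x00 || 16-byte salt || 32-byte PBKDF2-HMAC-SHA1 subkey, 1000 iterations
ITERATIONS, SALT_LEN, SUBKEY_LEN = 1000, 16, 32

# Sample hash quoted in the question (password "loz123").
QUESTION_SAMPLE = "APeJ4h0M4h7OFz91WwmJUjFfI2Daiq5xaUaZzcevoyWfkPZ3SYFJ48F+YzNrBNvaJA=="


def classify(stored):
    """Guess which scheme produced a stored value from its decoded shape."""
    raw = base64.b64decode(stored, validate=True)
    if len(raw) == 1 + SALT_LEN + SUBKEY_LEN and raw[0] == 0:
        return "helpers-pbkdf2"
    if len(raw) == hashlib.sha1().digest_size:
        return "sqlmembership-sha1"
    return "unknown"


def helpers_hash(password, salt=None):
    """Build a value in the assumed Crypto.HashPassword layout."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    subkey = hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt,
                                 ITERATIONS, SUBKEY_LEN)
    return base64.b64encode(b"\x00" + salt + subkey).decode("ascii")


def helpers_verify(password, stored):
    """Re-derive the subkey from the embedded salt; compare in constant time."""
    raw = base64.b64decode(stored, validate=True)
    if len(raw) != 1 + SALT_LEN + SUBKEY_LEN or raw[0] != 0:
        return False
    salt, subkey = raw[1:1 + SALT_LEN], raw[1 + SALT_LEN:]
    candidate = hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt,
                                    ITERATIONS, SUBKEY_LEN)
    return hmac.compare_digest(candidate, subkey)


def sqlmembership_hash(password, salt_b64):
    """Hashed format with default SHA1: SHA1(salt || UTF-16LE password)."""
    salt = base64.b64decode(salt_b64, validate=True)
    digest = hashlib.sha1(salt + password.encode("utf-16-le")).digest()
    return base64.b64encode(digest).decode("ascii")
```

Calling `helpers_verify("loz123", QUESTION_SAMPLE)` shows whether the assumed parameters hold for the question's data. Because the salt is random and embedded in the output, a migration has to generate each hash in application code; T-SQL's HASHBYTES does not implement PBKDF2.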
