重新实现ASP.NET成员资格和用户密码的散列红宝石 [英] Reimplement ASP.NET Membership and User Password Hashing in Ruby
问题描述
我有用户(〜200,000)我是从一个ASP.NET应用程序转移到Ruby on Rails应用的大型数据库。我真的不希望要求每个用户重置其密码,所以我试图重新在Ruby中实现C#的密码哈希函数。
I have a large database of users (~200,000) that I'm transferring from a ASP.NET application to a Ruby on Rails application. I don't really want to ask every user to reset their password and so I'm trying to re-implement the C# password hashing function in Ruby.
旧的功能是这样的:
public string EncodePassword(string pass, string saltBase64)
{
byte[] bytes = Encoding.Unicode.GetBytes(pass);
byte[] src = Convert.FromBase64String(saltBase64);
byte[] dst = new byte[src.Length + bytes.Length];
Buffer.BlockCopy(src, 0, dst, 0, src.Length);
Buffer.BlockCopy(bytes, 0, dst, src.Length, bytes.Length);
HashAlgorithm algorithm = HashAlgorithm.Create("SHA1");
byte[] inArray = algorithm.ComputeHash(dst);
return Convert.ToBase64String(inArray);
}
一个例子哈希密码和盐是(和使用的密码是密码):
An example hashed password and salt is (and the password used was "password"):
哈希密码:weEWx4rhyPtd3kec7usysxf7kpk =
盐:1ptFxHq7ALe7yXIQDdzQ9Q ==
密码:密码
Hashed password: "weEWx4rhyPtd3kec7usysxf7kpk=" Salt: "1ptFxHq7ALe7yXIQDdzQ9Q==" Password: "password"
现在用下面的Ruby code:
Now with the following Ruby code:
require "base64"
require "digest/sha1"
password = "password"
salt = "1ptFxHq7ALe7yXIQDdzQ9Q=="
concat = salt+password
sha1 = Digest::SHA1.digest(concat)
encoded = Base64.encode64(sha1)
puts encoded
我没有得到正确的密码哈希(我得到+ BsdIOBN / Vh2U7qWG4e + O13h3iQ =而不是weEWx4rhyPtd3kec7usysxf7kpk =)。任何人都可以看到的问题可能是什么?
I'm not getting the correct password hash (I'm getting "+BsdIOBN/Vh2U7qWG4e+O13h3iQ=" instead of "weEWx4rhyPtd3kec7usysxf7kpk="). Can anyone see what the problem might be?
非常感谢
Arfon
推荐答案
只是一个快速更新,我的一个同事已经解决了这个:
Just a quick update, a colleague of mine has solved this:
require "base64"
require "digest"
require "jcode"
def encode_password(password, salt)
bytes = ""
password.each_char { |c| bytes += c + "\x00" }
salty = Base64.decode64(salt)
concat = salty+bytes
sha1 = Digest::SHA1.digest(concat)
encoded = Base64.encode64(sha1).strip()
puts encoded
end
这篇关于重新实现ASP.NET成员资格和用户密码的散列红宝石的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!