重新实现ASP.NET成员资格和用户密码的散列红宝石 [英] Reimplement ASP.NET Membership and User Password Hashing in Ruby

问题描述

我有用户（〜200,000）我是从一个ASP.NET应用程序转移到Ruby on Rails应用的大型数据库。我真的不希望要求每个用户重置其密码，所以我试图重新在Ruby中实现C＃的密码哈希函数。

I have a large database of users (~200,000) that I'm transferring from a ASP.NET application to a Ruby on Rails application. I don't really want to ask every user to reset their password and so I'm trying to re-implement the C# password hashing function in Ruby.

旧的功能是这样的：

public string EncodePassword(string pass, string saltBase64)
 {
     byte[] bytes = Encoding.Unicode.GetBytes(pass);
     byte[] src = Convert.FromBase64String(saltBase64);
     byte[] dst = new byte[src.Length + bytes.Length];
     Buffer.BlockCopy(src, 0, dst, 0, src.Length);
     Buffer.BlockCopy(bytes, 0, dst, src.Length, bytes.Length);
     HashAlgorithm algorithm = HashAlgorithm.Create("SHA1");
     byte[] inArray = algorithm.ComputeHash(dst);
     return Convert.ToBase64String(inArray);
 }

一个例子哈希密码和盐是（和使用的密码是密码）：

An example hashed password and salt is (and the password used was "password"):

哈希密码：weEWx4rhyPtd3kec7usysxf7kpk =
盐：1ptFxHq7ALe7yXIQDdzQ9Q ==
密码：密码

Hashed password: "weEWx4rhyPtd3kec7usysxf7kpk=" Salt: "1ptFxHq7ALe7yXIQDdzQ9Q==" Password: "password"

现在用下面的Ruby code：

Now with the following Ruby code:

require "base64"
require "digest/sha1"


password = "password"
salt = "1ptFxHq7ALe7yXIQDdzQ9Q=="

concat = salt+password

sha1 = Digest::SHA1.digest(concat)

encoded = Base64.encode64(sha1)

puts encoded

我没有得到正确的密码哈希（我得到+ BsdIOBN / Vh2U7qWG4e + O13h3iQ =而不是weEWx4rhyPtd3kec7usysxf7kpk =）。任何人都可以看到的问题可能是什么？

I'm not getting the correct password hash (I'm getting "+BsdIOBN/Vh2U7qWG4e+O13h3iQ=" instead of "weEWx4rhyPtd3kec7usysxf7kpk="). Can anyone see what the problem might be?

非常感谢

Arfon

推荐答案

只是一个快速更新，我的一个同事已经解决了这个：

Just a quick update, a colleague of mine has solved this:

require "base64"
require "digest"
require "jcode"


def encode_password(password, salt)
 bytes = ""
 password.each_char { |c| bytes += c + "\x00" }
 salty = Base64.decode64(salt)
 concat = salty+bytes
 sha1 = Digest::SHA1.digest(concat)
 encoded = Base64.encode64(sha1).strip()
 puts encoded
end

这篇关于重新实现ASP.NET成员资格和用户密码的散列红宝石的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！