ASP.NET成员资格盐? [英] ASP.NET membership salt?
问题描述
如何ASP.NET成员资格产生的盐键,然后他们怎么带code它(也就是说,它是盐+密码或密码+盐)?
我使用 SHA-1 与我的会员,但我想重现相同的盐所以内置成员东西可以散列东西相同的方式,我的东西可以。
编辑2:没关系。我看错了,并认为它说字节,而不是位。所以,我经过128个字节,而不是128位。
编辑:我一直试图做起来很。这是我,
公共字符串连接codePassword(字符串密码,串盐)
{
字节[]字节= Encoding.Uni code.GetBytes(密码);
字节[] SRC = Encoding.Uni code.GetBytes(盐);
字节[] = DST新的字节[src.Length + bytes.Length]; Buffer.BlockCopy(源,0,dst的,0,src.Length);
Buffer.BlockCopy(字节,0,DST,src.Length,bytes.Length); 算法的HashAlgorithm = HashAlgorithm.Create(SHA1); 字节[] = inArray algorithm.ComputeHash(DST); 返回Convert.ToBase64String(inArray);
}私人字节[] createSalt(字节[] saltSize)
{
字节[] = saltBytes saltSize; RNGCryptoServiceProvider RNG =新RNGCryptoServiceProvider();
rng.GetNonZeroBytes(saltBytes); 返回saltBytes;
}
所以,我没有试过,看看ASP.NET成员资格将认识到这一点尚未哈希密码看起来接近。我只是不知道如何将它转换为Base64的盐。
我这样做
字节[] = storeSalt createSalt(新字节[128]);
字符串盐= Encoding.Uni code.GetString(storeSalt);
字符串base64Salt = Convert.ToBase64String(storeSalt);INT测试= base64Salt.Length;
测试长度为172这是远远超过了128位,使我究竟做错了什么?
这就是他们的盐看起来像
vkNj4EvbEPbk1HHW + K8y / A ==
这就是我的盐看起来像
的 什么是ASP.NET成员资格使用默认的哈希算法? 的有他们的默认算法的一个很好的讨论。
我希望帮助!
编辑 -
我指的答案是在顶级职位的code,
公共字符串连接codePassword(字符串传递,字符串盐)
{
字节[]字节= Encoding.Uni code.GetBytes(PASS);
//字节[] SRC = Encoding.Uni code.GetBytes(盐);更正2013年5月15日
字节[] SRC = Convert.FromBase64String(盐);
字节[] = DST新的字节[src.Length + bytes.Length];
Buffer.BlockCopy(源,0,dst的,0,src.Length);
Buffer.BlockCopy(字节,0,DST,src.Length,bytes.Length);
算法的HashAlgorithm = HashAlgorithm.Create(SHA1);
字节[] = inArray algorithm.ComputeHash(DST);
返回Convert.ToBase64String(inArray);
}
他们使用BlockCopy结合统一code盐+通
- 在回答你的问题:
这两种算法是必要的,满足不同的角色...
RNG加密用于生成的盐。它基本上是随机数据的长字符串。此被产生并存储在每个用户的基础上。创建用户时或密码被改变通常这样做。
BlockCopy只是他们使用该盐与密码结合方法。以上code基本上等同于盐+密码。
您不会能够重新盐的价值,因为它是完全随机的。据,但是,存储由框架的每个用户。
结合密码盐和使用上述技术将允许您验证使用由框架存储在散列值用户的密码哈希处理。
我想我们都不同看了你的问题。在code我张贴不会产生你的盐,但它会让你的方式,与ASP.NET成员资格兼容使用。
对不起我的解释是不BEST-这是否回答你的问题?
How does ASP.NET membership generate their salt key and then how do they encode it (that is, is it salt + password or password + salt)?
I am using SHA-1 with my membership, but I would like to recreate the same salts so the built-in membership stuff could hash the stuff the same way as my stuff can.
Edit 2: Never mind. I misread it and was thinking it said bytes, not bits. So I was passing in 128 bytes, not 128 bits.
Edit: I been trying to make it so. This is what I have,
public string EncodePassword(string password, string salt)
{
byte[] bytes = Encoding.Unicode.GetBytes(password);
byte[] src = Encoding.Unicode.GetBytes(salt);
byte[] dst = new byte[src.Length + bytes.Length];
Buffer.BlockCopy(src, 0, dst, 0, src.Length);
Buffer.BlockCopy(bytes, 0, dst, src.Length, bytes.Length);
HashAlgorithm algorithm = HashAlgorithm.Create("SHA1");
byte[] inArray = algorithm.ComputeHash(dst);
return Convert.ToBase64String(inArray);
}
private byte[] createSalt(byte[] saltSize)
{
byte[] saltBytes = saltSize;
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
rng.GetNonZeroBytes(saltBytes);
return saltBytes;
}
So I have not tried to see if the ASP.NET membership will recognize this yet the hashed password looks close. I just don't know how to convert it to base64 for the salt.
I did this
byte[] storeSalt = createSalt(new byte[128]);
string salt = Encoding.Unicode.GetString(storeSalt);
string base64Salt = Convert.ToBase64String(storeSalt);
int test = base64Salt.Length;
Test length is 172 which is well over the 128 bits so what am I doing wrong?
This is what their salt looks like
vkNj4EvbEPbk1HHW+K8y/A==
This is what my salt looks like
E9oEtqo0livLke9+csUkf2AOLzFsOvhkB/NocSQm33aySyNOphplx9yH2bgsHoEeR/aw/pMe4SkeDvNVfnemoB4PDNRUB9drFhzXOW5jypF9NQmBZaJDvJ+uK3mPXsWkEcxANn9mdRzYCEYCaVhgAZ5oQRnnT721mbFKpfc4kpI=
What is default hash algorithm that ASP.NET membership uses? has a good discussion of their default algorithm.
I hope that helps!
Edit- The answer I was referring to is the code in the top post,
public string EncodePassword(string pass, string salt)
{
byte[] bytes = Encoding.Unicode.GetBytes(pass);
//byte[] src = Encoding.Unicode.GetBytes(salt); Corrected 5/15/2013
byte[] src = Convert.FromBase64String(salt);
byte[] dst = new byte[src.Length + bytes.Length];
Buffer.BlockCopy(src, 0, dst, 0, src.Length);
Buffer.BlockCopy(bytes, 0, dst, src.Length, bytes.Length);
HashAlgorithm algorithm = HashAlgorithm.Create("SHA1");
byte[] inArray = algorithm.ComputeHash(dst);
return Convert.ToBase64String(inArray);
}
They are combining Unicode Salt + Pass using BlockCopy
-- In response to your question:
Both algorithms are necessary and fulfill different roles...
RNG Crypto is used to generate the salt. It is basically a long string of random data. This is generated and stored on a per user basis. Typically this is done when a user is created or a password is changed.
BlockCopy is just the method they use to combine the salt with the password. The above code essentially equates to salt + password.
You aren't going to be able to recreate a salt value as it is completely random. It is, however, stored for each user by the framework.
Combining the salt with the password and hashing it using the technique above will allow you to verify users passwords using the hashed value stored by the framework.
I think we both read your question differently. The code I posted won't generate your salt, but it will let you use it in a way that is compatible with ASP.NET membership.
Sorry my explanation isn't the best- does that answer your question?
这篇关于ASP.NET成员资格盐?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
