复制在ASP.net C#PHPBB密码哈希 [英] Replicate PHPBB password hashing in ASP.net c#
问题描述
我使用的是PHPBB 3.0.8的时刻。它拥有3000用户和大约60,000岗位。我改变了论坛上一个不同的,写在传统的ASP(我知道人们会不同意这一点,但我有足够的理由)。
I'm using phpbb 3.0.8 at the moment. It has 3,000 users and around 60,000 posts. I'm changing the forum to a different one, written in classic ASP (I know people are going to disapprove of this but I have good reasons).
我的网站是写在ASP.net。在传统的ASP论坛有连接到它的API。我设置这一切了,它工作正常。我已经写我自己的登录表单。
My site is written in ASP.net. The classic ASP forum has an API to connect to it. I've set all this up, and it works fine. I have written my own login form.
我要复制所有用户帐户上。目前论坛有表:
I want to copy all the user accounts over. The current forum has the table:
Username | Password | Hash | Salt
我已经overidden经典ASP散列技术到现在使用ASP.net Security.SHA1 散。密码存储为 SHA1(rawpassword +盐)。
我的计划是存储领域的新沿边当前的:
My plan is to store new fields along side the current ones:
UserID | Password | Hash | Salt | PHPBBHash
当用户登录时,如果PHPBB hashh字段设置,它哈希与PHPBB哈希密码。然后,如果登录SUCESSFUL,它将删除PHPBBHash领域,并创建当前系统的哈希值。通过这种方式,这是一个平稳过渡在从PHPBB的新论坛,也没有一个人失去他们的帐户。
When the user logs in, if the PHPBB hashh field is set, it hashes the password with the PHPBB hash. Then, if login is sucessful, it deletes the PHPBBHash field, and creates the current systems hash values. This way, it's a smooth transition over from PHPBB to the new forum, and no one loses their accounts.
我的问题是,给定一个PHPBB的哈希,用户名和密码,在ASP.net C#我怎么能确认的PHPBB哈希?它是如何计算的呢?
My problem is, given a PHPBB hash, a username, and password, in ASP.net c# how can I verify the PHPBB hash? How does it calculate it?
我担心的也是经典的ASP散列函数自称是SHA1,但它产生不同的结果,为 Securiy.SHA1 。
My concern is also that the classic ASP hash function claimed to be SHA1, but it produced different results to Securiy.SHA1.
我已经把赏金这个,如果任何人都可以给我一个明确的解决办法,我AP preciate答案链接到的资源,但我仍然在努力理解它。
I've put a bounty on this if anyone can give me a definitive solution, I appreciate the answer linking to the resources but I'm still struggling to understand it.
原始密码:
blingblangblaow222
在URL转发数据库:
username: Tom
username_clean: tom
user_password: $H$9ojo08A3LuhnkXR27p.WK7dJmOdazh0
user_passchg: 1301433947
user_form_salt: 637f480dfdab84ef
运用Vishalgiris答案例如:code,我们这样做:
Using the example code from Vishalgiris answer, we do this:
phpBB.phpBBCryptoServiceProvider cPhpBB = new phpBB.phpBBCryptoServiceProvider();
string remoteHash = "$H$9ojo08A3LuhnkXR27p.WK7dJmOdazh0";
bool result = cPhpBB.phpbbCheckHash("blingblangblaow222", remoteHash);
Response.Write("<BR><BR><BR>" + result);
这实际上返回true。超!但没有人知道为什么这个工程?我百思不得其解,似乎我不拿盐进去的。
This actually returns true. Super! But does anyone know why this works? I'm baffled, it doesn't seem to take salt into account at all.
推荐答案
好像你的回答是的在这里的phpBB社区,但是因为你已经知道,那是盐腌哈希,所以你需要使用的链接检查您的密码提供的功能,因为每当生成的哈希将发生变化。
Seems like your answer is here at phpBB community, however as you already know, it is salted hash so you need to use the function provided in the link to check your password, because the hash will change whenever generated.
请忽略,如果你已经尝试过的链接提供的code。
Please ignore if you already tried the code provided in the link.
希望它可以帮助...
Hope it helps...
还有一个选择是创建单独的PHP页面/服务,做密码哈希或哈希验证。
打造具有使用phpbb_hash功能,并检查使用phpbb_check_hash而这些功能都可以通过网页或服务暴露在ASP或ASP.NET。
One more option would be to create seperate php page/service, to do password hashing or hash validation. to create has use "phpbb_hash" function and to check use "phpbb_check_hash" and these functions can be exposed to ASP or ASP.NET via a page or service.
这篇关于复制在ASP.net C#PHPBB密码哈希的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
