比较 C# 和 ColdFusion 之间的密码哈希值 (CFMX_COMPAT) [英] Compare password hashes between C# and ColdFusion (CFMX_COMPAT)

问题描述

我有一个存储在表中的密码哈希，并由以下冷融合脚本放置在那里-

I have a password hash that is stored in a table and is put there by the following coldfusion script-

#Hash(Encrypt(Form.UserPassword,GetSiteVars.EnCode))#

我正在尝试在 c# 应用程序中添加一些外部功能.我希望能够利用已经存在的数据来验证用户身份.有谁知道我如何在c#中复制上面的coldfusion代码?

I am trying to add some outside functionality within a c# application. I would like to be able to take advantage of the data that already exists so that I can authenticate users. Does anyone know how I can replicate the above coldfusion code in c#?

感谢您的任何想法.

推荐答案

我将在下面保留原始答案内容以供历史参考，但需要注意的是这不是原始问题的有效答案.

I'll leave the original answer content below for historical reference, but it should be noted that this is NOT a working answer to the original question.

相反，请参阅 2011 年 1 月@Terrapin 在此线程中投票最高的答案.我希望 OP 看到这一点并可以更改已接受的答案.哎呀，我什至会标记模组，看看是否可以对此采取任何措施.

Instead, see the top-voted answer in this thread, by @Terrapin in January 2011. I hope the OP sees this and can change the accepted answer. Heck, I'll even flag the mods to see if anything can be done about this.

基于 Edward Smith 的回答以及 czuroski 的后续评论，这是我的解决方案.

To build on the answer by Edward Smith, and the follow-up comments by czuroski, here is my solution.

首先，您需要一个 C# 中的 XOR 函数，我取自 此处 并稍作修改.

First, you need an XOR function in C#, which I've taken from here and modified slightly.

using System;
using System.Collections.Generic;
using System.Text;

namespace SimpleXOREncryption
{    
    public static class EncryptorDecryptor
    {
        public static string EncryptDecrypt(string textToEncrypt, int key)
        {            
            StringBuilder inSb = new StringBuilder(textToEncrypt);
            StringBuilder outSb = new StringBuilder(textToEncrypt.Length);
            char c;
            for (int i = 0; i < textToEncrypt.Length; i++)
            {
                c = inSb[i];
                c = (char)(c ^ key);
                outSb.Append(c);
            }
            return outSb.ToString();
        }   
    }
}

然后，取 XOR 的结果并对其进行 base-64 编码.获得该字符串后，MD5 对其进行哈希处理.结果应与原始代码片段的结果匹配:

Then, take the result of the XOR and base-64 encode it. After you have that string, MD5 hash it. The result should match the result from the original code snippet:

#Hash(Encrypt(Form.UserPassword,GetSiteVars.EnCode))#

这篇关于比较 C# 和 ColdFusion 之间的密码哈希值 (CFMX_COMPAT)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！