经典的ASP和ASP.NET之间的密码加密/解密 [英] Password encryption/decryption between classic asp and ASP.NET
问题描述
我有2个网站:写在传统的ASP一个又一个写在ASP.NET(1.1框架)。这两个应用程序使用一个登录机制来验证基于一个共享数据库表的用户凭据。截至目前密码存储在一个单向MD5哈希,这意味着如果失去了旧的人必须被赋予了新生成的密码。我现在要改变这一点,使密码解密的。
I have 2 websites: one written in classic asp and another written in ASP.NET (1.1 framework). Both applications use a login mechanism to validate user credentials based on a shared database table. Up to now passwords are stored in a 1-way MD5 hash, meaning people must be given a new generated password if they lose the old one. I now want to change this and make the passwords decryptable.
我发现这个Rijndael算法code。与传统的ASP使用方法:
http://www.frez.co.uk/free$c$c热媒#Rijndael算法
I found this Rijndael code to use with classic asp: http://www.frez.co.uk/freecode.htm#rijndael
但我找不到ASP.NET同样的解决方案。我想这一点,但它给我的经典ASP和ASP.NET code之间不同的加密和解密的结果:
But I cannot find the same solution for ASP.NET. I tried this, but it gives me different encryption and decryption results between the classic asp and ASP.NET code:
If Not String.IsNullOrEmpty(TextBox1.Text) And Not String.IsNullOrEmpty(TextBox2.Text) Then
Dim password = TextBox1.Text
Dim key = TextBox2.Text
Dim keyGenerator = New Rfc2898DeriveBytes(key, 8)
Dim r = New RijndaelManaged
r.Mode = CipherMode.CBC
r.Padding = PaddingMode.Zeros
r.BlockSize = 256
r.KeySize = 256
r.FeedbackSize = 256
r.IV = keyGenerator.GetBytes(CType(r.BlockSize / 8, Integer))
r.Key = keyGenerator.GetBytes(CType(r.KeySize / 8, Integer))
Dim transform As ICryptoTransform = r.CreateEncryptor()
Dim encoded As Byte() = Encoding.ASCII.GetBytes(password)
Dim target As Byte() = transform.TransformFinalBlock(encoded, 0, encoded.Length)
TextBox3.Text = Encoding.ASCII.GetString(target)
End If
我觉得我做错了什么与生成密钥或IV,但我不能找到一个解决方案。
I think I'm doing something wrong with generating the key or iv, but I can't find a solution.
推荐答案
我有一个快速浏览一下经典的ASP文件并没有提到使用块模式,而你的.NET code指定CBC模式还填充。此外,该经典落实规定:
I had a quick look at the classic asp files and it doesn't mention the block mode used, whereas your .net code specifies CBC mode and also the padding. Further the classic implementation states:
3-APR-2001:功能添加到
底部加密/解密大
数据的阵列。的整个长度
该阵列被插入作为第一
四字节到的前
生成的字节的首块
前阵'加密。
' 3-Apr-2001: Functions added to the bottom for encrypting/decrypting large ' arrays of data. The entire length of the array is inserted as the first four ' bytes onto the front of the first block of the resultant byte array before ' encryption.
您使用了这些功能,如果你是那么你的加密字节大小也。
Are you using those functions, if you are then your encrypting the size bytes too.
放心的.NET加密效果很好,我猜你的问题是你已经找到了传统的解决方案。如果我处在你的位置,我会通过简化事情开始,只是每种方法加密一个单独的块,然后从那里展开......好运气
Be assured the .net encryption works well, I'd guess your problem is in the classic solution you've found. If I were in your position I'd start by simplifying things and just encrypt a single block with each method and then expand from there... good luck
这篇关于经典的ASP和ASP.NET之间的密码加密/解密的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
