用C盐渍SHA512，不能与Symfony2中的FOSUserBundle同步 [英] Salted sha512 in C, cannot synchronise with Symfony2's FOSUserBundle

问题描述

我的研究与开发被分离成两部分：

My developement is separated into two components :

• 网站，使用FOSUserBundle一个Symfony的应用程序，使用SHA512进行加密密码和盐。

一旦它的给定的盐，和明文口令
• 的认证模块，在C编程，这应该是能够重现SHA512盐腌散列

• 我使用的是Linux操作系统Ubuntu 12.04。


• LDD --version 答案 EGLIBC 2.15-0ubuntu10.4 2.15 的（也许我需要2.7？但 APT-获得是一个真正的痛苦，当谈到升级包正确）。


• 的 crypt.h 头文件中提到的 @（＃）crypt.h 1.5 96年12月20日的

• I'm using Linux Ubuntu 12.04.
• ldd --version answers EGLIBC 2.15-0ubuntu10.4 2.15 (maybe I need 2.7 ? But apt-get is a real PAIN when it comes to upgrading packages correctly).
• The crypt.h header files mentions @(#)crypt.h 1.5 12/20/96

发生认证模块在我的问题：我无法得到相同的哈希通过的Symfony的FOSUserBundle产生的之一。这里是我的例子：

My problem occurs in the authentication module : I'm unable to get the same hash as the one produced by Symfony's FOSUserBundle. Here's my example :

• 密码盐，由Symfony的应用，是 bcccy6eiye8kg44scw0wk8g4g0wc0sk 。


• 密码本身是测试

• The password salt, used by Symfony, is bcccy6eiye8kg44scw0wk8g4g0wc0sk.
• The password itself is test

有了这些信息，Symfony的门店这最后的哈希值：

With this information, Symfony stores this final hash :

fH5vVoACB4e8h1GX81n+aYiRkSWxeu4TmDibNChtLNZS3jmFKBZijGCXcfzCSJFg+YvNthxefHOBk65m/U+3OA==

现在，在我的C认证模块，我跑这片code（ crypt.h 包含）的：

Now, in my C authentication module, I run this piece of code (crypt.h is included) :

char* password = "test";
char* salt = "$6$bcccy6eiye8kg44scw0wk8g4g0wc0sk";

char* hash = malloc(256);
memset(hash, 0, 256);

encode64(crypt(password, salt), hash, strlen(password));
fprintf(stdout, "%s\n", hash);

（这里是我的base64 EN codeR： HTTP：//libremail.tuxfamily .ORG /源/的base64 c.htm ）

和这个输出...

JDYkYg==

这是从我的Symfony2哈希完全不同了。

Which is completely different from my Symfony2 hash.

浏览堆栈溢出，我发现这个问题（<一个href=\"http://stackoverflow.com/questions/14325341/symfony2-fosuserbundle-sha512-hash-doesnt-match-c-sharp-sha512-hash\">Symfony2 （FOSUserBundle）SHA512哈希值不匹配，C＃SHA512哈希）有人遇到同样的问题（用C＃编写的，虽然）。所以我决定运行这个测试...

Browsing Stack Overflow, I found this question (Symfony2 (FOSUserBundle) SHA512 hash doesn't match C# SHA512 hash) written by someone encountering the same issue (with C# though). So I decided to run this test...

char* password = "test{bcccy6eiye8kg44scw0wk8g4g0wc0sk}";
char* salt = "$6$bcccy6eiye8kg44scw0wk8g4g0wc0sk"; // I tried without salt, or with "$6$" as well.

char* hash = malloc(256);
memset(hash, 0, 256);

encode64(crypt(password, salt), hash, strlen(password));
fprintf(stdout, "%s\n", hash);

当然，这是一个彻底的失败，我得到了：

Of course, it was a complete failure, I got :

JDYkYmNjY3k2ZWl5ZThrZzQ0cyRycmN6TnpJUXFOYU1VRlZvMA==

我试过混合密码，并以各种方式的盐，但我从来没有得到过的Symfony的盐验证模块中。有什么我已经错过了在路上？我有误解的方式的Symfony的FOSUserBundle存储密码？

I've tried mixing the password and the salt in various ways, but I could never get the Symfony's salt in the authentication module. Is there something I've missed on the way ? Have I misunderstood the way Symfony's FOSUserBundle stores passwords ?

推荐答案

不是一个真正的答案，但我猜你没有仔细的Symfony如何连接codeS密码在任何细节？编码过程局促成一间codeR对象。对于SHA512我们使用：

Not really an answer but I'm guessing you have not looked into how Symfony encodes passwords in any great detail? The encoding process is tucked away into an encoder object. For SHA512 we use:

namespace Symfony\Component\Security\Core\Encoder;

class MessageDigestPasswordEncoder extends BasePasswordEncoder
{
/**
 * Constructor.
 *
 * @param string  $algorithm          The digest algorithm to use
 * @param Boolean $encodeHashAsBase64 Whether to base64 encode the password hash
 * @param integer $iterations         The number of iterations to use to stretch the password hash
 */
public function __construct($algorithm = 'sha512', $encodeHashAsBase64 = true, $iterations = 5000)
{
    $this->algorithm = $algorithm;
    $this->encodeHashAsBase64 = $encodeHashAsBase64;
    $this->iterations = $iterations;
}
public function encodePassword($raw, $salt)
{
    if (!in_array($this->algorithm, hash_algos(), true)) {
        throw new \LogicException(sprintf('The algorithm "%s" is not supported.', $this->algorithm));
    }

    $salted = $this->mergePasswordAndSalt($raw, $salt);
    $digest = hash($this->algorithm, $salted, true);

    // "stretch" hash
    for ($i = 1; $i < $this->iterations; $i++) {
        $digest = hash($this->algorithm, $digest.$salted, true);
    }

    return $this->encodeHashAsBase64 ? base64_encode($digest) : bin2hex($digest);
}
public function isPasswordValid($encoded, $raw, $salt)
{
    return $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));
}
protected function mergePasswordAndSalt($password, $salt)
{
    if (empty($salt)) {
        return $password;
    }

    if (false !== strrpos($salt, '{') || false !== strrpos($salt, '}')) {
        throw new \InvalidArgumentException('Cannot use { or } in salt.');
    }

    return $password.'{'.$salt.'}';
}

正如你所看到的，一个直接的问题是，哈希默认情况下，重复5000次。这（以及其他输入都可以在你的应用程序/配置/ security.yml文件进行调整）。

As you can see, one immediate problem is that hashing is repeated 5000 times by default. This (as well as the other inputs can all be adjusted in you app/config/security.yml file).

您也可以看看那里的盐和密码获得合并在一起。这也解释了其他计算器答案。

You can also see where the salt and password get merged together. Which explains the other stackoverflow answer.

这将是微不足道的做一个symfony的命令只运行测试symfony的控制台此编码算法。之后，只是一个调整输入或调整您的C code，直到结果匹配的问题。

It would be trivial to make a symfony command to just run this encoding algorithm from the symfony console for testing. After that is just a question of adjusting the inputs or tweaking your C code until the results match.

如果你是幸运的，然后所有的必须做的就是添加的迭代循环。

If you are lucky then all your will have to do is add the iteration loop.

这篇关于用C盐渍SHA512，不能与Symfony2中的FOSUserBundle同步的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！