ColdFusion - cfusion_encrypt() and cfusion_decrypt() - C# alternative

Problem description

I have a database with user passwords that are encrypted via cfusion_encrypt(). I need to do a login alternative for the ColdFusion code in C#. Is there any easy way to emulate this in C#, so I will be able to compare encrypted values of user passwords and match them to the ColdFusion values?

Recommended answer

The poorly named cfusion_encrypt() is not encryption at all. It is an internal, legacy obfuscation algorithm, whose use is strongly discouraged.

Essentially it just XORs the bytes, similar to the method described here (ignore the mention of cfmx_compat, that is a different legacy algorithm). It extracts the bytes of a plain text string. Then it pads the supplied key string to the same length, and again extracts the bytes. Finally it XORs the two byte arrays and encodes the result as hex:

    // textBytes: bytes of the plain text; keyBytes: bytes of the key padded to the same length
    // xor bytes
    byte[] results = new byte[textBytes.Length];
    for (int i = 0; i < textBytes.Length; i++) {
        results[i] = (byte)(textBytes[i] ^ keyBytes[i]);
    }
    // encode result as hex
    String hexResult = BitConverter.ToString(results).Replace("-", "");



The cfusion_decrypt() function does essentially the same thing, only decoding the hex string into bytes first, and returns the "de-obfuscated" result as a plain string instead of hex.

Now you can see why its use is discouraged. As @MartyPine and others suggested, the better option is to have the CF side make a backup, then run the passwords through cfusion_decrypt and hash() them instead. Not only is it a better way to store passwords, it also has the benefit of being compatible with C#, or any other language that supports the standard algorithms.
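Added example, not part of the original answer and not ColdFusion's own code: a self-contained C# round trip of the XOR-and-hex scheme the answer describes, of the kind needed to recover the stored values before re-hashing them. The class and method names are hypothetical, and two details are assumptions the page does not confirm: that the key is padded by repeating it, and that strings are converted to bytes as UTF-8.

```csharp
using System;
using System.Text;

public static class CfusionCompat
{
    // Assumption: "padding" the key means repeating its bytes to cover the text.
    private static byte[] PadKey(string key, int length)
    {
        if (string.IsNullOrEmpty(key))
            throw new ArgumentException("Key must not be empty.", nameof(key));
        byte[] keyBytes = Encoding.UTF8.GetBytes(key); // assumption: UTF-8
        byte[] padded = new byte[length];
        for (int i = 0; i < length; i++)
            padded[i] = keyBytes[i % keyBytes.Length];
        return padded;
    }

    // XOR is its own inverse, so both directions share this step.
    private static byte[] Xor(byte[] data, string key)
    {
        byte[] keyBytes = PadKey(key, data.Length);
        byte[] results = new byte[data.Length];
        for (int i = 0; i < data.Length; i++)
            results[i] = (byte)(data[i] ^ keyBytes[i]);
        return results;
    }

    // Text -> bytes -> XOR with padded key -> hex string.
    public static string Obfuscate(string text, string key)
    {
        return BitConverter.ToString(Xor(Encoding.UTF8.GetBytes(text), key)).Replace("-", "");
    }

    // Hex string -> bytes -> XOR with padded key -> plain string.
    public static string Deobfuscate(string hex, string key)
    {
        if (hex.Length % 2 != 0)
            throw new FormatException("Hex string must have an even length.");
        byte[] bytes = new byte[hex.Length / 2];
        for (int i = 0; i < bytes.Length; i++)
            bytes[i] = Convert.ToByte(hex.Substring(2 * i, 2), 16);
        return Encoding.UTF8.GetString(Xor(bytes, key));
    }

    public static void Main()
    {
        // Constructed sample values, not taken from any real system.
        string stored = Obfuscate("constructed-sample", "demo-key");
        Console.WriteLine(stored);
        Console.WriteLine(Deobfuscate(stored, "demo-key"));
    }
}
```

Check the output against a few known ColdFusion-produced values before relying on it, since the padding and encoding assumptions above decide whether the hex strings match.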
