用于工作密码哈希,现在我不能进入我的软件 [英] Password hashing used to work, now I can't get into my software
问题描述
公共类HashGenerator
{
公共字符串传递{搞定;保护套; }
公共字符串盐{搞定;保护套; }
公共HashGenerator(字符串密码,串盐)
{
通=密码;
盐=盐;
}
公共字符串GetHash()
{
SHA512 SHA =新SHA512CryptoServiceProvider();
字节[]数据= CryptUtility.GetBytes(的String.Format({0} {1},通,盐));
字节[] =哈希sha.ComputeHash(数据);
返回CryptUtility.GetString(散);
}
}
公共静态类SaltGenerator
{
私有静态RNGCryptoServiceProvider提供商= NULL;
私人const int的saltSize = 128;
静态SaltGenerator()
{
提供商=新RNGCryptoServiceProvider();
}
公共静态字符串GetSaltString()
{
字节[] = saltBytes新的字节[saltSize]
provider.GetNonZeroBytes(saltBytes);
返回CryptUtility.GetString(saltBytes);
}
}
地穴实用程序,用于获取字符串和字节
类CryptUtility
{
公共静态的byte [] GetBytes会(字符串str)
{
字节[]字节=新的字节[Str.Length *的sizeof(字符)];
System.Buffer.BlockCopy(Str.ToCharArray(),0,字节,0,bytes.Length);
返回字节;
}
公共静态字符串的GetString(字节[]字节)
{
的char [] =字符新的char [Bytes.Length /的sizeof(字符)];
System.Buffer.BlockCopy(字节,0,字符,0,Bytes.Length);
返回新的字符串(字符);
}
}
曾经工作过的登录名和验证码也没有自那时以来,改变了...这是唯一改变的是,在用户表中的密码和盐柱现在为nvarchar
而不是 VARCHAR
。
不过,我想我会创建与上面的方法添加一个新用户,但与该用户登录失败也是如此。
我真的不知所措对如何解决这个问题。我无法继续开发系统的其余部分,如果我不能访问它来测试。
任何帮助将不胜感激!
姆你不应该使用变量
哈希
块引用>
进行比较?
//哈希登录进行比较,存储密码哈希
HashGenerator H =新HashGenerator(密码,auser.usersalt);
字符串哈希= h.GetHash();
变种我们= ie.users.FirstOrDefault(U =>的String.Compare(u.emailaddress,EMAILADDRESS,FALSE)== 0安培;&放大器;的String.Compare(u.password,哈希,假)== 0);
I salted and hashed my logins according to this Code Project article
When I did this, my password and salt fields in the database were just varchar columns. The data was displayed in SQL Server Management Studio as question marks.
A friend then came and changed the columns to nvarchar data type and now the data appears to be a collection of Asian letters/words - I assume there's no sense behind it even to someone who does read whatever language it is.
The problem is that now, even when I created a new user, every login attempt fails.
User addition and login
public User Login() // returns an instance of its own class { // get the salt value for the user var auser = ie.users.FirstOrDefault(u => String.Compare(u.emailaddress, emailaddress, false) == 0); if (auser == null) { throw new ValidationException("User not found"); } // hash the login for comparison to stored password hash HashGenerator h = new HashGenerator(password, auser.usersalt); string hash = h.GetHash(); var us = ie.users.FirstOrDefault(u => String.Compare(u.emailaddress, emailaddress, false) == 0 && String.Compare(u.password, password, false) == 0); if (us == null) { throw new Exception("Invalid email address and/or password."); // seems here's where it goes wrong } User user = new User(); user.userid = us.userid; user.storeid = us.storeid; user.role = us.role; return user; // login succeeded, return the data to the calling method } public void Add() { user newuser = new user(); newuser.storeid = storeid; newuser.emailaddress = emailaddress; // Generate password hash string usersalt = SaltGenerator.GetSaltString(); HashGenerator hash = new HashGenerator(password, usersalt); newuser.password = hash.GetHash(); newuser.role = role; newuser.usersalt = usersalt; ie.users.Add(newuser); ie.SaveChanges(); }
Hash and Salt Generator
public class HashGenerator { public string pass { get; protected set; } public string salt { get; protected set; } public HashGenerator(string Password, string Salt) { pass = Password; salt = Salt; } public string GetHash() { SHA512 sha = new SHA512CryptoServiceProvider(); byte[] data = CryptUtility.GetBytes(String.Format("{0}{1}", pass, salt)); byte[] hash = sha.ComputeHash(data); return CryptUtility.GetString(hash); } } public static class SaltGenerator { private static RNGCryptoServiceProvider provider = null; private const int saltSize = 128; static SaltGenerator() { provider = new RNGCryptoServiceProvider(); } public static string GetSaltString() { byte[] saltBytes = new byte[saltSize]; provider.GetNonZeroBytes(saltBytes); return CryptUtility.GetString(saltBytes); } }
Crypt utility for getting strings and bytes
class CryptUtility { public static byte[] GetBytes(string Str) { byte[] bytes = new byte[Str.Length * sizeof(char)]; System.Buffer.BlockCopy(Str.ToCharArray(), 0, bytes, 0, bytes.Length); return bytes; } public static string GetString(byte[] Bytes) { char[] chars = new char[Bytes.Length / sizeof(char)]; System.Buffer.BlockCopy(Bytes, 0, chars, 0, Bytes.Length); return new string(chars); } }
The login used to work and this code hasn't changed since then... The only thing that's changed is that the password and salt columns in the users table are now
nvarchar
instead ofvarchar
.That said, I figured I'd create a new user with the add method above, but logging in with that user fails as well.
I'm really at a loss as to how to fix this. I can't proceed to develop the rest of the system if I can't access it to test.
Any help will be greatly appreciated!
解决方案humm shouldn't you be using the variable
hash
for the comparison ?
// hash the login for comparison to stored password hash HashGenerator h = new HashGenerator(password, auser.usersalt); string hash = h.GetHash(); var us = ie.users.FirstOrDefault(u => String.Compare(u.emailaddress, emailaddress, false) == 0 && String.Compare(u.password, hash, false) == 0);
这篇关于用于工作密码哈希,现在我不能进入我的软件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!