C＃和Javascript之间SHA-256哈希值不同 [英] SHA-256 hashes different between C# and Javascript

问题描述

我目前正在研究一个涉及基于数据库行招生的信用卡刷卡项目。就像一个致电系统一样，CC号码的SHA-256散列必须与DB行中的散列相匹配才能被认为是合适的拾取。

然而， ，因为票房系统基于浏览器，拾取的CC号码必须在客户端哈希，使用Javascript，然后与之前下载的将会调用的数据进行比较。

然而，当尝试对数字进行散列时，散列总是与创建数据库行时使用的散列值不同（使用VB.NET和SQL Server 2008 R2）。例如，如果数据库中的CC号恰好是 4444333322221111 ，则来自.NET的结果散列将变为 xU6sVelMEme0N8aEcCKlNl5cG25kl8Mo5pzTowExenM = 。

然而，当我使用任何SHA-256哈希库来查找Javascript时，得到的哈希将始终为 NbjuSagE7lHVQzKSZG096bHtQoMLscYAXyuCXX0Wtw0 = 。

我假设这是某种Unicode / UTF-8问题，但无论我尝试什么，我都无法让哈希得到相同的结果，并且开始让我发疯。任何人都可以提供任何建议？

以下是可能提供一些见解的内容。请转至 http://www.insidepro.com/hashes.php?lang=eng 并插入4444333322221111不带引号进入密码框。然后，向下滚动到SHA-256部分。

您可以看到有四个结果，其中两个是我发布的哈希代码（第二个来自顶端作为Javascript哈希，最底层的是SQL哈希）。根据该页面，底部哈希结果是使用base 64字符串生成的，并且将密码设置为unicode格式。

我已经调查过这个并尝试了很多不同的函数来将密码编码成unicode格式，但无论我尝试什么小小的调整或其他函数，我都无法使它匹配我需要的散列码。

我正在研究在服务器端调用SHA-256函数时使用的参数。

更新：

所以为了确保我没有疯狂，我在调试时在即时窗口中运行了我用于CC号码的Hash方法。再一次，结果与以前一样。你可以在这里看到一个截图： http://i.imgur.com/raEyX.png

解决方案

Adam Liss 说得对当他提到.NET / SQL Server中的字符串之间的字节数组与JavaScript中的字符串不同时。 .NET中用于字符串 4444333322221111 的数组看起来像[52 0 52 0 52 0 52 0 51 0 51 0 ...等]，而Javascript中的相同内容看起来像[52 52 52 52 51 51 51 51 ...]。因此，对于不同的字节数组，我们生成了不同的哈希。

我可以通过修改基本的64 SHA-256散列算法来解决这个问题。 here ，其中每个字符从字符串中一次一个地拉出来以生成哈希。

不是这样做，我首先将字符串转换为一个类似unicode的字节数组（如上面的.NET例子，52 0 52 0等）到哈希算法，而不是字符串，并做了一些非常小的调整，以便它抓住每个数组成员来生成哈希。低，看，它的工作，现在我有一个非常方便的方法来散列CC数字以相同的方式作为.NET框架快速和简单的订单查找。

I am currently working on a project that will involve credit card swipes for admissions based on database rows. Like a will call system, the SHA-256 hash of the CC number must match the hash in the DB row in order to be considered the "proper pickup".

However, because the box office system is based in the browser, the CC number on pickup must be hashed client-side, using Javascript, and then compared to the previously downloaded will call data.

However when trying to hash the numbers, the hash always ends up different than what was hashed when the DB row was created (using VB.NET and SQL Server 2008 R2). For example, if a CC number in the database happened to be 4444333322221111, then the resulting hash from .NET would become xU6sVelMEme0N8aEcCKlNl5cG25kl8Mo5pzTowExenM=.

However, when using any SHA-256 hash library for Javascript I could find, the resulting hash would always be NbjuSagE7lHVQzKSZG096bHtQoMLscYAXyuCXX0Wtw0=.

I'm assuming this is some kind of Unicode/UTF-8 issue, but no matter what I try I cannot get the hashes to come out the same and it's starting to drive me crazy. Can anyone offer any advice?

Here's something that may provide some insight. Please go to http://www.insidepro.com/hashes.php?lang=eng and insert "4444333322221111" without quotes into the Password box. Afterwards, scroll down to the SHA-256 section.

You can see that there are four results, two of them are the hash codes I posted (the second from the top being the Javascript hash and the bottom one being the SQL hash). According to that page, the bottom hash result is generated using a base 64 string, as well as making the password into unicode format.

I've investigated this and tried many different functions to encode the password into unicode format, but no matter what little tweaks I try or other functions I make, I could never get it to match the hash code I need.

I am currently investigating the parameters used when calling the SHA-256 function on the server side.

UPDATE:

So just to make sure I wasn't crazy, I ran the Hash method I'm using for the CC numbers in the immediate window while debugging. Again, the result remains the same as before. You can see a screenshot here: http://i.imgur.com/raEyX.png

解决方案

Adam Liss had it right when he mentioned the byte arrays between strings in .NET/SQL Server are different than strings in Javascript. The array in .NET for the string 4444333322221111 would look like [52 0 52 0 52 0 52 0 51 0 51 0... etc.] and the same thing in Javascript would just look like [52 52 52 52 51 51 51 51...]. Thus, with different byte arrays, different hashes were generated.

I was able to remedy this for my application by modifying the base 64 SHA-256 hashing algorithm from here, where each character is pulled from the string one at a time in order to generate the hash.

Rather than having it do it this way, I first converted the string into a unicode-like byte array (like the .NET example above, 52 0 52 0 etc), fed that array to the hashing algorithm instead of the string, and did some very minor tweaks in order for it to grab each array member to generate the hash. Low and behold, it worked and now I have a very convenient method of hashing CC numbers in the same fashion as the .NET framework for quick and easy order lookup.

这篇关于C＃和Javascript之间SHA-256哈希值不同的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！