在C#中可靠地重现在PHP中实现的传统密码哈希方法 [英] Reliably reproduce in C# a legacy password hashing method implemented in PHP
问题描述
我们正在将一个运行在Linux上的PHP应用程序迁移到我们在C#中实现并在Windows上运行的新单一登录(SSO)基础结构中。
$ b
在迁移过程中,我们需要我们的C#SSO基础结构能够以与PHP应用程序完全相同的方式对密码进行哈希处理。
尽管PHP应用程序使用了相当合理的密码散列算法,除了密码和salt之外,不幸的是,得到散列的字符串还包含盐值的余弦值(解释为整数)。 ...这是一个非常不寻常的决定,要放在中间。不出所料,事实证明,在PHP和C#中计算大整数的余弦会导致稍微不同的结果。这意味着我们可能无法在新的SSO基础架构中可靠地重新实现传统密码散列算法。
我们考虑的一个解决方案是在AWS Lambda中运行PHP密码散列函数并从我们的SSO基础架构中查询Lambda。
您可以考虑其他选项吗?
C's
cos(double)函数给出c = -0.57977754519881342
尽管您不直接说,但看起来这是您期待的结果因为(它肯定与 Math.Cos 的结果不同,不确定它是否与PHP按位相同)。
<因此,编译一个VS2017的DLL来做到这一点,然后P /调用它。或者在C运行库DLL中调用
cos(),这肯定会导出所有这些 #include functions。 c:\ Windows \ System32> dumpbin / exports msvcr120.dll |找到cos
1442 5A1 00081C44 acos
1443 5A2 00081F2C acosf
1444 5A3 000821B8 acosh
1445 5A4 0008227C acoshf
1446 5A5 0008233C acoshl
1472 5BF 00083ED4 cacos
1473 5C0 00084208 cacosf
1474 5C1 000844BC cacosh
1475 5C2 00084824 cacoshf
1476 5C3 00084AF4 cacoshl
1477 5C4 00084E5C cacosl
1497 5D8 00086CF4 ccos
1498 5D9 00086D70 ccosf
1499 5DA 00086EAC ccosh
1500 5DB 0008714C ccoshf
1501 5DC 000873AC ccoshl
1502 5DD 0008756C ccosl
1526 5F5 00088640 cos
1527 5F6 00088BA0 cosf
1528 5F7 000890A0 cosh
1529 5F8 00089574 coshf
c:\ Windows \ System32> dumpbin / exports msvcrt.dll |找到cos
1046 415 000372D0 acos
1047 416 00019BE0 acosf
1069 42C 000118F0 cos
1070 42D 00015480 cosf
1071 42E 000868F0 cosh
1072 42F 0001ABC0 coshf
We are migrating a PHP application that runs on Linux to our new Single Sign-On (SSO) infrastructure implemented in C# and running on Windows.
As part of the migration process, we need our C# SSO infrastructure to be able to hash passwords in the exact same way as the PHP application.
While the PHP application uses a rather reasonable password hashing algorithm, in addition to the password and salt the string that gets hashed unfortunately also contains the cosine of the salt value (interpreted as an integer)... A rather unusual decision, to put it midly.
Unsurprisingly, it turns out that computing the cosine of a large integer in PHP and in C# leads to slightly different results. This means that we probably cannot reliably reimplement the legacy password hashing algorithm in our new SSO infrastructure.
One solution we thought about is running the PHP password hashing function in an AWS Lambda and query that Lambda from our SSO infrastructure.
Can you think of other options?
In your other question you write that
C's
cos(double)function in a simple C program compiled with Visual Studio 2017 givesc = -0.57977754519881342
Although you don't say it outright, it appears that this is the result you're looking for (it's certainly different from the result of Math.Cos, not sure if it is bitwise identical to PHP).
So compile a DLL with VS2017 that does that and P/invoke it. Or P/invoke cos() in the C runtime library DLL, which assuredly does export all of these #include <math.h> functions.
c:\Windows\System32>dumpbin /exports msvcr120.dll | find "cos"
1442 5A1 00081C44 acos
1443 5A2 00081F2C acosf
1444 5A3 000821B8 acosh
1445 5A4 0008227C acoshf
1446 5A5 0008233C acoshl
1472 5BF 00083ED4 cacos
1473 5C0 00084208 cacosf
1474 5C1 000844BC cacosh
1475 5C2 00084824 cacoshf
1476 5C3 00084AF4 cacoshl
1477 5C4 00084E5C cacosl
1497 5D8 00086CF4 ccos
1498 5D9 00086D70 ccosf
1499 5DA 00086EAC ccosh
1500 5DB 0008714C ccoshf
1501 5DC 000873AC ccoshl
1502 5DD 0008756C ccosl
1526 5F5 00088640 cos
1527 5F6 00088BA0 cosf
1528 5F7 000890A0 cosh
1529 5F8 00089574 coshf
c:\Windows\System32>dumpbin /exports msvcrt.dll | find "cos"
1046 415 000372D0 acos
1047 416 00019BE0 acosf
1069 42C 000118F0 cos
1070 42D 00015480 cosf
1071 42E 000868F0 cosh
1072 42F 0001ABC0 coshf
这篇关于在C#中可靠地重现在PHP中实现的传统密码哈希方法的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
