[英]How to check ASP.NET password hash in node.js
First of all I read this Hashing a password using SHA256 and .NET/Node.js and it didn't help me. 首先,我使用SHA256和.NET / Node.js读取了这个Hashing密码 ,它对我没有帮助。
I have to verify passwords hashes created in ASP.NET in node.js environment. 我必须验证在node.js环境中在ASP.NET中创建的密码哈希。 I was told that passwords are generated using this algorithm: What is default hash algorithm that ASP.NET membership uses?
我被告知使用此算法生成密码: ASP.NET成员资格使用的默认哈希算法是什么? .
。
I have example password hash and salt (first line is password and second line is salt): 我有示例密码哈希和盐(第一行是密码,第二行是盐):
"Password": "jj/rf7OxXM263rPgvLan4M6Is7o=",
"PasswordSalt": "/Eju9rmaJp03e3+z1v5s+A==",
I know that hash algorithm is SHA1
and I know that above hash is generated for input test123
. 我知道哈希算法是
SHA1
,我知道上面的哈希是为输入test123
生成的。 However I can't reproduce hashing algorithm to get same hash for this input. 但是我不能重现散列算法来为此输入获取相同的散列。 What I tried:
我尝试了什么:
Password = "jj/rf7OxXM263rPgvLan4M6Is7o="
PasswordSalt = "/Eju9rmaJp03e3+z1v5s+A=="
crypto = require("crypto")
sha1 = crypto.createHash("sha1")
PasswordSalt = new Buffer(PasswordSalt, 'base64').toString('utf8')
sha1.update(PasswordSalt+"test123", "utf8")
result = sha1.digest("base64")
console.log(Password)
console.log(result)
Result is: 结果是:
jj/rf7OxXM263rPgvLan4M6Is7o=
xIjxRod4+HVYzlHZ9xomGGGY6d8=
I was able to get working C# algorithm: 我能够得到C#算法:
using System.IO;
using System;
using System.Text;
using System.Security.Cryptography;
class Program
{
static string EncodePassword(string pass, string salt)
{
byte[] bytes = Encoding.Unicode.GetBytes(pass);
byte[] src = Convert.FromBase64String(salt);
byte[] dst = new byte[src.Length + bytes.Length];
Buffer.BlockCopy(src, 0, dst, 0, src.Length);
Buffer.BlockCopy(bytes, 0, dst, src.Length, bytes.Length);
HashAlgorithm algorithm = HashAlgorithm.Create("SHA1");
byte[] inArray = algorithm.ComputeHash(dst);
return Convert.ToBase64String(inArray);
}
static void Main()
{
string pass = "test123";
string salt = "/Eju9rmaJp03e3+z1v5s+A==";
string hash = Program.EncodePassword(pass,salt);
Console.WriteLine(hash);
// outputs jj/rf7OxXM263rPgvLan4M6Is7o=
}
}
So now it is just a matter of porting this algorithm to node.js. 所以现在只需将此算法移植到node.js. The problem is that c# somehow magically operates on bytes and I don't know how to do it in node.
问题是c#以某种方式神奇地对字节进行操作,我不知道如何在节点中进行操作。 Consider following code (it does not use any salt - it just creates base64 sha1 from password:
考虑以下代码(它不使用任何盐 - 它只是从密码创建base64 sha1:
crypto = require("crypto")
pass = 'test123'
sha1 = crypto.createHash("sha1")
buf = new Buffer( pass, 'utf8')
sha1.update(buf)
result = sha1.digest("base64")
console.log(result)
// outputs cojt0Pw//L6ToM8G41aOKFIWh7w=
And in c# 并在c#
using System.Text;
using System.Security.Cryptography;
string pass = "test123";
byte[] bytes = Encoding.Unicode.GetBytes(pass);
HashAlgorithm algorithm = HashAlgorithm.Create("SHA1");
byte[] inArray = algorithm.ComputeHash(bytes);
string hash = Convert.ToBase64String(inArray);
Console.WriteLine(hash);
// outputs Oc/baVMs/zM28IqDqsQlJPQc1uk=
I need code in node.js that will return same value as code in c#. 我需要node.js中的代码,它将返回与c#中的代码相同的值。 Any ideas?
有任何想法吗?
I finally found the right answer here: https://gist.github.com/PalmerEk/1191651 (with little change from 'ucs2' to 'utf16le'): 我终于在这里找到了正确的答案: https : //gist.github.com/PalmerEk/1191651 (从'ucs2'到'utf16le'的变化很小):
function dotnet_membership_password_hash(pass, salt)
{
var bytes = new Buffer(pass || '', 'utf16le');
var src = new Buffer(salt || '', 'base64');
var dst = new Buffer(src.length + bytes.length);
src.copy(dst, 0, 0, src.length);
bytes.copy(dst, src.length, 0, bytes.length);
return crypto.createHash('sha1').update(dst).digest('base64');
}
there is a nodejs module which does all the magic for you. 有一个nodejs模块可以为你完成所有的魔法。 No function on stackoverflow worked in my case, but this module works:
stackoverflow上没有函数在我的情况下工作,但这个模块工作:
https://www.npmjs.com/package/aspnet-identity-pw https://www.npmjs.com/package/aspnet-identity-pw
var passwordHasher = require('aspnet-identity-pw');
var hashedPassword = passwordHasher.hashPassword('SomePassword');
var isValid = passwordHasher.validatePassword('SomePassword', hashedPassword);
Changing the encoding of the buffer to utf16le works for both examples you provided here. 将缓冲区的编码更改为utf16le适用于此处提供的两个示例。
This is confirmed by the following StackOverflow Answer . 这可以通过以下StackOverflow Answer确认。
This is further documented at the relevant .Net Framework documentation 这在相关的.Net Framework文档中进一步记录
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.