[英]Verify password encrypted in php by C# application
On my website there is a page where clients can store a password for use in applications they buy (usually one password for all apps for their convinience). 在我的网站上有一个页面,客户可以在其中存储用于购买的应用程序的密码(通常为了方便起见,所有应用程序都使用一个密码)。 Password is hashed with bcrypt using PHP code:
使用PHP代码使用bcrypt对密码进行哈希处理:
if ( $app_pass != '' ){
$mysalt= mcrypt_create_iv(22, MCRYPT_DEV_URANDOM);
$options = [ 'cost' => 10, 'salt' => $mysalt,];
$app_pass = password_hash( $app_pass, PASSWORD_BCRYPT, $options );
}
$app_pass
in if
statement is plain text if
语句为纯文本格式的$app_pass
When clients start bought application on his PC, enters login and password, application connects to MySQL database, retrieves hashFromDb and try to verify entered password with BCryptHelper
class: 当客户在他的PC上开始购买应用程序时,输入登录名和密码,应用程序连接到MySQL数据库,检索hashFromDb并尝试使用
BCryptHelper
类验证输入的密码:
BCryptHelper.CheckPassword(passwordbox.Password, hashFromDb)
Yet it returns error code: 但是它返回错误代码:
An unhandled exception of type 'System.ArgumentException' occurred in DevOne.Security.Cryptography.BCrypt.dll
DevOne.Security.Cryptography.BCrypt.dll中发生类型为'System.ArgumentException'的未处理异常
Additional information: Invalid salt revision
附加信息:无效的盐修订版
Is it the right approach to verify user entered password in WPF application against PHP encrypted password hash? 用PHP加密的密码哈希验证WPF应用程序中用户输入的密码是否正确?
From the BCrypt
source code , the System.ArgumentException
is thrown by this logic: 从
BCrypt
源代码 ,此逻辑引发System.ArgumentException
:
if (salt[1] != '$') {
minor = salt[2];
if (minor != 'a' || salt[3] != '$') {
throw new ArgumentException("Invalid salt revision");
}
It appears, therefore, that the exception is thrown because the hash is not of a format that BCrypt
supports. 因此,由于散列不是
BCrypt
支持的格式,因此似乎引发了异常。
From the PHP docs , password_hash
with the PASSWORD_BCRYPT
argument returns a hash that starts with $2y$
, while the BCrypt
implementation used by C#
expects one that starts with $2a$
. 从PHP文档中 ,带有
PASSWORD_BCRYPT
参数的password_hash
返回以$2y$
开头的哈希,而C#
使用的BCrypt
实现期望以$2a$
开头的哈希。
I would recommend using a different method to generate the hash. 我建议使用其他方法来生成哈希。
EDIT: this Github thread has some good info on why this is happening 编辑: 这个Github线程有一些很好的信息,为什么会发生这种情况
extends method 扩展方法
static class ExtentionMetsodString
{
public static string ReplaceAt(this string str,int startIdx , string replaceStr)
{
StringBuilder strBuilder = new StringBuilder(str);
int length = replaceStr.Length;
strBuilder.Remove(startIdx, length);
strBuilder.Insert(startIdx, replaceStr);
return strBuilder.ToString();
}
}
usage 用法
string test = "0123456";
string output = test.ReplaceAt(2, "ab"); // ouput : 01ab456
cool 凉
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.