堆栈内存溢出
  简体   繁体   English

验证C#应用程序在php中加密的密码

[英]Verify password encrypted in php by C# application

 原文  2015-09-10 18:30:33       c#/ php/ wpf/ encryption/ bcrypt

问题描述

On my website there is a page where clients can store a password for use in applications they buy (usually one password for all apps for their convinience). 在我的网站上有一个页面,客户可以在其中存储用于购买的应用程序的密码(通常为了方便起见,所有应用程序都使用一个密码)。 Password is hashed with bcrypt using PHP code: 使用PHP代码使用bcrypt对密码进行哈希处理: 

if ( $app_pass != '' ){
  $mysalt= mcrypt_create_iv(22, MCRYPT_DEV_URANDOM);
  $options = [ 'cost' => 10, 'salt' => $mysalt,];
  $app_pass = password_hash( $app_pass, PASSWORD_BCRYPT, $options );
}
  • where $app_pass in if statement is plain text 其中if语句为纯文本格式的$app_pass
  • later becomes bcrypted hash 后来变成加密哈希
  • and that hash is then stored in MySQL database 然后将该哈希存储在MySQL数据库中

When clients start bought application on his PC, enters login and password, application connects to MySQL database, retrieves hashFromDb and try to verify entered password with BCryptHelper class: 当客户在他的PC上开始购买应用程序时,输入登录名和密码,应用程序连接到MySQL数据库,检索hashFromDb并尝试使用BCryptHelper类验证输入的密码: 

BCryptHelper.CheckPassword(passwordbox.Password, hashFromDb)

Yet it returns error code: 但是它返回错误代码:

An unhandled exception of type 'System.ArgumentException' occurred in DevOne.Security.Cryptography.BCrypt.dll DevOne.Security.Cryptography.BCrypt.dll中发生类型为'System.ArgumentException'的未处理异常

Additional information: Invalid salt revision 附加信息:无效的盐修订版

Is it the right approach to verify user entered password in WPF application against PHP encrypted password hash? 用PHP加密的密码哈希验证WPF应用程序中用户输入的密码是否正确?

2 个解决方案

解决方案1
 0 已采纳  2015-09-10 18:44:50

From the BCrypt source code , the System.ArgumentException is thrown by this logic: BCrypt源代码 ,此逻辑引发System.ArgumentException 

  if (salt[1] != '$') {
        minor = salt[2];
        if (minor != 'a' || salt[3] != '$') {
            throw new ArgumentException("Invalid salt revision");
        }

It appears, therefore, that the exception is thrown because the hash is not of a format that BCrypt supports. 因此,由于散列不是BCrypt支持的格式,因此似乎引发了异常。

From the PHP docs , password_hash with the PASSWORD_BCRYPT argument returns a hash that starts with $2y$ , while the BCrypt implementation used by C# expects one that starts with $2a$ . 从PHP文档中 ,带有PASSWORD_BCRYPT参数的password_hash返回以$2y$开头的哈希,而C#使用的BCrypt实现期望以$2a$开头的哈希。

I would recommend using a different method to generate the hash. 我建议使用其他方法来生成哈希。

EDIT: this Github thread has some good info on why this is happening 编辑: 这个Github线程有一些很好的信息,为什么会发生这种情况

解决方案2
 0  2017-12-21 04:53:41

extends method 扩展方法 

static class ExtentionMetsodString
{
    public static string ReplaceAt(this string str,int startIdx , string replaceStr)
    {
        StringBuilder strBuilder = new StringBuilder(str);
        int length = replaceStr.Length;

        strBuilder.Remove(startIdx, length);
        strBuilder.Insert(startIdx, replaceStr);
        return strBuilder.ToString();
    }
}

usage 用法 

string test = "0123456";
string output = test.ReplaceAt(2, "ab"); // ouput : 01ab456

cool

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 C#加密密码 - C# Encrypted Password 如何在Windows Form Application C#中验证Twitter的用户名和密码 - How to verify the username and password of Twitter in Window form Application c# 寻找 c# 相当于 php 的 password-verify() - looking for c# equivalent of php's password-verify() 我可以用c#解密用php中的PASSWORD_BCRYPT加密的密码吗? - Can I decrypt a password with c#, that was encrypted with PASSWORD_BCRYPT in php? 用C#解密用Java加密的密码 - Decrypt in C# a password encrypted in Java 在C#中解压缩密码加密的文件 - Unzip password-encrypted files in c# 要加密的请求中的C#Web服务密码 - C# web service password in the request to be encrypted C# 中密码加密 Sybase 的连接字符串 - Connection string for password encrypted Sybase in C# 如何在C#中的Cookie中存储加密密码? - How to store Encrypted Password in cookies in C#? C# 密码未正确加密 - C# password doesn't encrypted correctly
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM