[英]Is there a PHP crypt($string,$salt) equivalent in Vb.Net? Can't find/create any with $salt
I'm trying to compile a software written in VB (I'm using VisualStudio2010, Framework 4) that lets users change their passwords on a website (sadly the website default changepassword form doesn't work, and I can't fix that via PHP).我正在尝试编译一个用 VB 编写的软件(我使用的是 VisualStudio2010,框架 4),它允许用户在网站上更改他们的密码(遗憾的是网站默认的 changepassword 表单不起作用,我无法通过PHP)。
I don't have much experience with PHP and encrypting, so I looked on the internet for some solutions for VB.Net, but didn't get the expected results after 2 days of trying.我对 PHP 和加密没有太多经验,所以我在互联网上寻找 VB.Net 的一些解决方案,但经过 2 天的尝试并没有得到预期的结果。
I did some research, and that's what I learned: Website's PHP code uses the crypt($string,$salt) function to create the hashed password.我做了一些研究,这就是我学到的:网站的 PHP 代码使用 crypt($string,$salt) 函数来创建散列密码。 The encoding is a MD5 algorithm, as my salt is something like '$1$ad000000$' for every password in website's database.
编码是 MD5 算法,因为我的 salt 类似于网站数据库中每个密码的“$1$ad000000$”。
I tried to replicate it in VB and the issues start on the ComputeHash(buffer() as Byte), as it doesn't support a "Salt" String.我尝试在 VB 中复制它,问题始于 ComputeHash(buffer() as Byte),因为它不支持“Salt”字符串。
The code on PHP is as simple as that: PHP 上的代码就是这么简单:
$EncryptedPassword = crypt($userPassword, $salt);
The salt is generated to look like, for example, "$1$ad000000$"生成的盐看起来像,例如,“$1$ad000000$”
The $EncryptedPassword length is 34 (12salt + 22hash), but I guess this is a standard length of the crypt() function, given a specific salt. $EncryptedPassword 长度为 34(12salt + 22hash),但我猜这是 crypt() 函数的标准长度,给定特定的盐。
This is what I'm currently trying on VB:这就是我目前在 VB 上的尝试:
Dim Hashata = GetHash("asdkFAofkas", "$1$ad000000$")
Private Function GetHash(ByVal p1 As String, ByVal Salt As String) As Object
Using hasher As MD5 = MD5.Create()
Dim dbytes As Byte() = hasher.ComputeHash(Encoding.UTF8.GetBytes(p1 & Salt))
Dim Conversione = Convert.ToBase64String(dbytes)
Return Conversione
End Using
End Function
The return string is a 24-character string always ending with "==" no matter what "p1" is, and I read on the internet that these last two characters are optional, so when creating the password-hash with Salt, I just do:返回字符串是一个 24 个字符的字符串,无论 "p1" 是什么,总是以 "==" 结尾,我在互联网上看到这最后两个字符是可选的,所以当用 Salt 创建密码哈希时,我只是做:
Dim StoredPassword = Salt & Hashata.Substring(0,Hashata.Length-2)
The created StoredPassword (VB) doesn't coincide with the password (PHP) in the DataBase when I write the same Password.当我编写相同的密码时,创建的 StoredPassword (VB) 与数据库中的密码 (PHP) 不一致。 I tried this with creating multiple users on the website with the same Password, and they are all hashed in the same way in the Database.
我尝试使用相同的密码在网站上创建多个用户,并且它们在数据库中都以相同的方式散列。
For example, this is what I have in the Database:例如,这是我在数据库中的内容:
-------------------------------------------------
| Username | Password |
-------------------------------------------------
|test1 |$1$ad000000$kcpPLtMxsedGD0d39UnXQg |
-------------------------------------------------
|test2 |$1$ad000000$kcpPLtMxsedGD0d39UnXQg |
-------------------------------------------------
|test3 |$1$ad000000$kcpPLtMxsedGD0d39UnXQg |
-------------------------------------------------
|testVB |$1$ad000000$5u-9pdu3HDnXt5pGdXZNug |
-------------------------------------------------
test1,test2,test3 have passwords made on website test1,test2,test3 在网站上设置了密码
testVB has a password generated by VB's function above testVB有上面VB的函数生成的密码
I wrote the exact same password for test1,test2,test3 and testVB.我为 test1、test2、test3 和 testVB 写了完全相同的密码。
ALL passwords on the database have a length of 34 characters数据库上的所有密码的长度均为 34 个字符
I already tried the following (on VB, as I can't modify website's PHP):我已经尝试了以下(在 VB 上,因为我无法修改网站的 PHP):
Encode only p1, only Salt, both variables mixed (like in the code above)只编码 p1,只编码 Salt,两个变量混合(如上面的代码)
Convert p1 and Salt to a hex string (first only one, then only the other one, then both, etc...) before encoding them singularly or while mixing them在单独编码或混合它们之前将 p1 和 Salt 转换为十六进制字符串(首先只有一个,然后只有另一个,然后是两个,等等...)
Use different types of Encoding (UTF-7, UTF-16, UTF-32, "Default" and ASCII)使用不同类型的编码(UTF-7、UTF-16、UTF-32、“默认”和 ASCII)
I'm pretty sure the issue is on the ComputeHash Function, which doesn't have a "Salt" property (it has an offset and count properties, but I didn't use them), and without that, it can't crypt in the way I'd like.我很确定问题出在 ComputeHash 函数上,它没有“Salt”属性(它有一个偏移量和计数属性,但我没有使用它们),没有它,它就不能加密以我喜欢的方式。
Is there a way to replicate PHP's crypt($string, $salt) function?有没有办法复制 PHP 的 crypt($string, $salt) 函数?
I can bet that without the $salt they coincide (I already found some solutions that worked like that, but I need that $salt for crypting because I cannot modify website's PHP code to crypt without $salt).我敢打赌,如果没有 $salt,它们会重合(我已经找到了一些类似的解决方案,但我需要使用 $salt 进行加密,因为我无法在没有 $salt 的情况下将网站的 PHP 代码修改为加密)。
Thanks a lot, sorry for the long read, I want to make sure I didn't miss anything :)非常感谢,抱歉阅读太长了,我想确保我没有错过任何东西:)
If there's something else I need to add, let me know!如果还有什么我需要补充的,请告诉我!
Bcrypt.NET gives you want you want. Bcrypt.NET给你你想要的。
string passwordHash = BCrypt.HashPassword("my password");
if (BCrypt.Verify("my password", passwordHash)) {
// Valid
} else {
// Incorrect password
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.