在 Vb.Net 中是否有等价的 PHP crypt($string,$salt)? 无法使用 $salt 找到/创建任何内容
[英]Is there a PHP crypt($string,$salt) equivalent in Vb.Net? Can't find/create any with $salt
问题描述
I'm trying to compile a software written in VB (I'm using VisualStudio2010, Framework 4) that lets users change their passwords on a website (sadly the website default changepassword form doesn't work, and I can't fix that via PHP).
我正在尝试编译一个用 VB 编写的软件(我使用的是 VisualStudio2010,框架 4),它允许用户在网站上更改他们的密码(遗憾的是网站默认的 changepassword 表单不起作用,我无法通过PHP)。
I don't have much experience with PHP and encrypting, so I looked on the internet for some solutions for VB.Net, but didn't get the expected results after 2 days of trying.我对 PHP 和加密没有太多经验,所以我在互联网上寻找 VB.Net 的一些解决方案,但经过 2 天的尝试并没有得到预期的结果。
I did some research, and that's what I learned: Website's PHP code uses the crypt($string,$salt) function to create the hashed password.我做了一些研究,这就是我学到的:网站的 PHP 代码使用 crypt($string,$salt) 函数来创建散列密码。 The encoding is a MD5 algorithm, as my salt is something like '$1$ad000000$' for every password in website's database.编码是 MD5 算法,因为我的 salt 类似于网站数据库中每个密码的“$1$ad000000$”。
I tried to replicate it in VB and the issues start on the ComputeHash(buffer() as Byte), as it doesn't support a "Salt" String.我尝试在 VB 中复制它,问题始于 ComputeHash(buffer() as Byte),因为它不支持“Salt”字符串。
The code on PHP is as simple as that: PHP 上的代码就是这么简单:
$EncryptedPassword = crypt($userPassword, $salt);
The salt is generated to look like, for example, "$1$ad000000$"生成的盐看起来像,例如,“$1$ad000000$”
The $EncryptedPassword length is 34 (12salt + 22hash), but I guess this is a standard length of the crypt() function, given a specific salt. $EncryptedPassword 长度为 34(12salt + 22hash),但我猜这是 crypt() 函数的标准长度,给定特定的盐。
This is what I'm currently trying on VB:这就是我目前在 VB 上的尝试:
Dim Hashata = GetHash("asdkFAofkas", "$1$ad000000$")
Private Function GetHash(ByVal p1 As String, ByVal Salt As String) As Object
Using hasher As MD5 = MD5.Create()
Dim dbytes As Byte() = hasher.ComputeHash(Encoding.UTF8.GetBytes(p1 & Salt))
Dim Conversione = Convert.ToBase64String(dbytes)
Return Conversione
End Using
End Function
The return string is a 24-character string always ending with "==" no matter what "p1" is, and I read on the internet that these last two characters are optional, so when creating the password-hash with Salt, I just do:返回字符串是一个 24 个字符的字符串,无论 "p1" 是什么,总是以 "==" 结尾,我在互联网上看到这最后两个字符是可选的,所以当用 Salt 创建密码哈希时,我只是做:
Dim StoredPassword = Salt & Hashata.Substring(0,Hashata.Length-2)
The created StoredPassword (VB) doesn't coincide with the password (PHP) in the DataBase when I write the same Password.当我编写相同的密码时,创建的 StoredPassword (VB) 与数据库中的密码 (PHP) 不一致。 I tried this with creating multiple users on the website with the same Password, and they are all hashed in the same way in the Database.我尝试使用相同的密码在网站上创建多个用户,并且它们在数据库中都以相同的方式散列。
For example, this is what I have in the Database:例如,这是我在数据库中的内容:
-------------------------------------------------
| Username | Password |
-------------------------------------------------
|test1 |$1$ad000000$kcpPLtMxsedGD0d39UnXQg |
-------------------------------------------------
|test2 |$1$ad000000$kcpPLtMxsedGD0d39UnXQg |
-------------------------------------------------
|test3 |$1$ad000000$kcpPLtMxsedGD0d39UnXQg |
-------------------------------------------------
|testVB |$1$ad000000$5u-9pdu3HDnXt5pGdXZNug |
-------------------------------------------------
test1,test2,test3 have passwords made on website test1,test2,test3 在网站上设置了密码
testVB has a password generated by VB's function above testVB有上面VB的函数生成的密码
I wrote the exact same password for test1,test2,test3 and testVB.我为 test1、test2、test3 和 testVB 写了完全相同的密码。
ALL passwords on the database have a length of 34 characters数据库上的所有密码的长度均为 34 个字符
I already tried the following (on VB, as I can't modify website's PHP):我已经尝试了以下(在 VB 上,因为我无法修改网站的 PHP):
Encode only p1, only Salt, both variables mixed (like in the code above)
只编码 p1,只编码 Salt,两个变量混合(如上面的代码)Convert p1 and Salt to a hex string (first only one, then only the other one, then both, etc...) before encoding them singularly or while mixing them
在单独编码或混合它们之前将 p1 和 Salt 转换为十六进制字符串(首先只有一个,然后只有另一个,然后是两个,等等...)Use different types of Encoding (UTF-7, UTF-16, UTF-32, "Default" and ASCII)
使用不同类型的编码(UTF-7、UTF-16、UTF-32、“默认”和 ASCII)
I'm pretty sure the issue is on the ComputeHash Function, which doesn't have a "Salt" property (it has an offset and count properties, but I didn't use them), and without that, it can't crypt in the way I'd like.我很确定问题出在 ComputeHash 函数上,它没有“Salt”属性(它有一个偏移量和计数属性,但我没有使用它们),没有它,它就不能加密以我喜欢的方式。
Is there a way to replicate PHP's crypt($string, $salt) function?有没有办法复制 PHP 的 crypt($string, $salt) 函数?
I can bet that without the $salt they coincide (I already found some solutions that worked like that, but I need that $salt for crypting because I cannot modify website's PHP code to crypt without $salt).我敢打赌,如果没有 $salt,它们会重合(我已经找到了一些类似的解决方案,但我需要使用 $salt 进行加密,因为我无法在没有 $salt 的情况下将网站的 PHP 代码修改为加密)。
Thanks a lot, sorry for the long read, I want to make sure I didn't miss anything :)非常感谢,抱歉阅读太长了,我想确保我没有错过任何东西:)
If there's something else I need to add, let me know!如果还有什么我需要补充的,请告诉我!
1 个解决方案
解决方案1
0 2019-10-25 20:35:16
Bcrypt.NET gives you want you want. Bcrypt.NET给你你想要的。
string passwordHash = BCrypt.HashPassword("my password");
if (BCrypt.Verify("my password", passwordHash)) {
// Valid
} else {
// Incorrect password
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.