Decrypting an encrypted password

In my project, I had an Encrypt method and also a Decrypt method. After a minor problem, a lot of the files got deleted and I am restoring them. The problem is that the Decryption method is gone and I forgot where I got it from lol.

This is the enc method:

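    using System;
    using System.Text;
    using Microsoft.AspNetCore.Cryptography.KeyDerivation;

    // Derives 256 bits from the password with PBKDF2 (HMAC-SHA1, 10000 iterations)
    // and returns the result Base64-encoded.
    public static string HashPassword(string password, string salt)
    {
        string hashed = Convert.ToBase64String(KeyDerivation.Pbkdf2(
            password: password,
            salt: Encoding.UTF8.GetBytes(salt),
            prf: KeyDerivationPrf.HMACSHA1,
            iterationCount: 10000,
            numBytesRequested: 256 / 8));
        return hashed;
    }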

I know that I can compare the password with the salt and then see if the hash is the same, but if I remember correctly I could also decrypt an encrypted password somehow.

Any help would be appreciated.

As @EjoshuaS said, you are a bit mistaken, but that being said I just want to show you how to verify the password using the hash and salt that are stored in the database and the password the user has given. It might help somebody else. (I'm using HMACSHA512, but you can use HMACSHA1.)

    // Returns the hash and salt through out parameters so the caller can store them.
    private void CreatePasswordHash(string password, out byte[] passwordHash, out byte[] passwordSalt)
    {
        using (var hmac = new System.Security.Cryptography.HMACSHA512())
        {
            passwordSalt = hmac.Key; // Randomly generated key, used as the salt.
            passwordHash = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(password));
        }
    }

    private bool VerifyPassword(string password, byte[] passwordHash, byte[] passwordSalt)
    {
        using (var hmac = new System.Security.Cryptography.HMACSHA512(passwordSalt))
        {
            var computedHash = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(password)); // Create hash using password salt.
            // Constant-time comparison; also returns false if the lengths differ.
            return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(computedHash, passwordHash);
        }
    }

You're conflating two entirely different things here. Hashing is not the same thing as encryption.

That being said, decryption "reverses" encryption, not hashing. There is no such thing as "dehashing." The entire point of hashing is to be one-way.

Keep in mind that the entire purpose of encryption is to privately exchange information. However, presumably your customers would not want you to read their passwords (or to exchange them with someone else). The only reason you store this at all is so that you can determine whether someone who's trying to log in knows the password, and you really don't need to "know" what the password is yourself in order to do that - you just need to know whether the password the end user presents hashes to the same value as the one stored in your database.
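
The check the answers describe, written against the question's own `HashPassword`, as an added example that is not part of the original posts. The class name, `NewSalt` and `VerifyPassword` are hypothetical, and the sample passwords are constructed.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using Microsoft.AspNetCore.Cryptography.KeyDerivation;

public static class PasswordCheck
{
    // Same derivation as the question's HashPassword: PBKDF2, HMAC-SHA1,
    // 10000 iterations, 32-byte output, salt taken as the UTF-8 bytes of a string.
    public static string HashPassword(string password, string salt) =>
        Convert.ToBase64String(KeyDerivation.Pbkdf2(
            password: password,
            salt: Encoding.UTF8.GetBytes(salt),
            prf: KeyDerivationPrf.HMACSHA1,
            iterationCount: 10000,
            numBytesRequested: 256 / 8));

    // Hypothetical helper: a fresh random salt per user, kept as Base64 text
    // so it fits the string salt parameter above.
    public static string NewSalt()
    {
        var bytes = new byte[16];
        RandomNumberGenerator.Fill(bytes);
        return Convert.ToBase64String(bytes);
    }

    // Hypothetical helper that takes the place of a "Decrypt" method:
    // re-derive from the candidate password and compare with the stored value.
    public static bool VerifyPassword(string candidate, string salt, string storedHash)
    {
        if (candidate is null || salt is null || storedHash is null) return false;
        byte[] expected;
        try { expected = Convert.FromBase64String(storedHash); }
        catch (FormatException) { return false; } // corrupt or non-Base64 record
        byte[] actual = Convert.FromBase64String(HashPassword(candidate, salt));
        // Constant-time comparison; returns false when the lengths differ.
        return CryptographicOperations.FixedTimeEquals(actual, expected);
    }

    public static void Main()
    {
        string salt = NewSalt();                              // constructed sample data
        string stored = HashPassword("correct horse", salt); // what the database would hold
        Console.WriteLine(VerifyPassword("correct horse", salt, stored)); // matching password
        Console.WriteLine(VerifyPassword("wrong guess", salt, stored));   // wrong password
        Console.WriteLine(VerifyPassword("correct horse", salt, "%%%"));  // malformed record
    }
}
```

Only the salt and the derived value are stored; the original password is never recovered at any point in the check.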
