BCrypt generating different hashes given the same salt, string, and factor

Using one of the C# implementations of BCrypt to hash passwords and store them into a SQL database. However, when I return to validate against the hash string, BCrypt generates a different hash than the one in the database to compare to. The salts are visibly the same as well as the factors.

Here is what I know:

$2a$12$vF/1s3MqIzHwnDshyzH/rOYUelofrj4UWv./vzWqk4o2K0uwhix7W is actually "Qwerty123" and it's stored in a column which is initialized to be [nvarchar] (200).

When I use BCrypt.Verify() or BCrypt.CheckPassword(), depending on the implementation, I trace it until just before it makes the comparison, and the hash that it is about to compare to the aforementioned one is $2a$12$vF/1s3MqIzHwnDshyzH/rOKVRePZSXFXaIpDv6.IPkbPEoOxZgSEe

If you look closely you can see that the salts and the factor parts are the same. Any idea what could be causing this?

The explicit implementation I am working with can be found here: http://bcrypt.codeplex.com/

My question could be related to "ASP.NET MVC 3 app, BCrypt.CheckPassword failing".

Suggestion for testing

// Needs: using System.Diagnostics; (Debug.WriteLine) and a reference to the BCrypt library in use.
private void FindWhatsFailing(string password) // password = whatever you're passing in to verify BCrypt is working
{
    const string expectedpassword = "Qwerty123";

    // Step 1: is the input really the string you think it is?
    if (expectedpassword != password)
    {
        Debug.WriteLine("My password isn't what I thought it was");
        return;
    }

    // Step 2: does BCrypt round-trip a fresh hash of the known password?
    string hashed = BCrypt.HashPassword(expectedpassword, BCrypt.GenerateSalt(12));
    if (!BCrypt.Verify(expectedpassword, hashed))
    {
        Debug.WriteLine("Something is wrong with BCrypt");
        return;
    }

    // ... Test hashing password, compare to hash of expectedpassword, verify password against hash of itself and expectedpassword

    Debug.WriteLine("Everything worked, maybe the database storage is off?");
}

If the Bcrypt.Verify isn't working in this example for you, I have no idea what's wrong, but I'm guessing Bcrypt isn't actually the issue here.

The problem was the input to Bcrypt. I was using a Multiview and MultiViewPanels to collect user data (including a password), allow the user to verify all the data, then on the last MultiViewPanel add the user to the DB, and in that process there were postbacks. After some research I found that password fields do not retain their text property after postbacks for security reasons, and because I was passing txtPassword.text to Bcrypt, this was the problem. This makes a new problem for me to look into.
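
A diagnostic for the situation in this thread, as an added example that is not code from the original posts: it splits the two hashes quoted in the question into their fields, then re-hashes a few constructed candidate inputs with the stored salt and cost to find out which string the verify call actually received. It assumes the BCrypt.Net package is referenced; the names BcryptHashDiagnostics, Split and FindInputFor are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using BCryptNet = BCrypt.Net.BCrypt; // assumption: the BCrypt.Net package is referenced

static class BcryptHashDiagnostics
{
    // Modular-crypt layout: $<version>$<cost>$<22-char salt><31-char digest>
    public static (string Version, int Cost, string Salt, string Digest) Split(string hash)
    {
        string[] parts = hash.Split('$');
        if (parts.Length != 4 || parts[0].Length != 0 || parts[3].Length != 53)
            throw new FormatException("Not a 60-character bcrypt hash string.");
        return (parts[1], int.Parse(parts[2]), parts[3].Substring(0, 22), parts[3].Substring(22));
    }

    // Re-hash each candidate with the observed hash's settings; return the one that reproduces it.
    public static string FindInputFor(string observed, IEnumerable<string> candidates)
    {
        string settings = observed.Substring(0, 29); // "$2a$12$" + 22-char salt
        foreach (string candidate in candidates)
            if (BCryptNet.HashPassword(candidate, settings) == observed)
                return candidate;
        return null; // none of the candidates produced the observed hash
    }

    static void Main()
    {
        // Both values are quoted in the question above.
        const string stored = "$2a$12$vF/1s3MqIzHwnDshyzH/rOYUelofrj4UWv./vzWqk4o2K0uwhix7W";
        const string observed = "$2a$12$vF/1s3MqIzHwnDshyzH/rOKVRePZSXFXaIpDv6.IPkbPEoOxZgSEe";

        var s = Split(stored);
        var o = Split(observed);
        bool sameSettings = s.Version == o.Version && s.Cost == o.Cost && s.Salt == o.Salt;
        Console.WriteLine($"settings match: {sameSettings}");
        Console.WriteLine($"digest match:   {s.Digest == o.Digest}");

        // Constructed candidates for what the verify call may really have been given.
        string[] candidates = { "Qwerty123", "", " Qwerty123", "Qwerty123 ", "qwerty123" };
        string hit = FindInputFor(observed, candidates);
        Console.WriteLine(hit == null
            ? "no candidate reproduces the observed hash"
            : $"observed hash is the hash of \"{hit}\"");
    }
}
```

Identical settings with a different digest mean the hashed input differed, so the candidate list is the part to extend with whatever the form or the storage layer could have altered.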
