堆栈内存溢出
  简体   繁体   English

在C#中使用Salt解密密码

[英]Decryption password using Salt in C#

 原文  2013-02-01 06:20:23       c#/ .net/ encryption/ saltedhash

问题描述

Currently i am using salt to encrypt the password. 目前,我正在使用Salt加密密码。 

public static SaltedHash Create(string password) 
        {
            string salt = _createSalt();
            string hash = _calculateHash(salt, password);
            return new SaltedHash(salt, hash);
        }

private static string _createSalt() 
        {
            byte[] r = _createRandomBytes(SALT_LENGTH);
            return Convert.ToBase64String(r);
        }
private static byte[] _createRandomBytes(int len) 
        {
            byte[] r = new byte[len];
            new RNGCryptoServiceProvider().GetBytes(r);
            return r;
        }
private static string _calculateHash(string salt, string password) 
        {
            byte[] data = _toByteArray(salt + password);
            byte[] hash = _calculateHash(data);
            return Convert.ToBase64String(hash);
        }
private static byte[] _toByteArray(string s) 
        {
            return System.Text.Encoding.UTF8.GetBytes(s);
        }
private static byte[] _calculateHash(byte[] data) 
        {
            return new SHA1CryptoServiceProvider().ComputeHash(data);
        }
/// <summary>
        /// This method verifies a password from a SaltedHash class.
        /// <param name="password">The password to verity</param>
        /// <returns>Boolean</returns>
        /// </summary>
        public bool Verify(string password) 
        {
            string h = _calculateHash(_salt, password);
            return _hash.Equals(h);
        }
/// <summary>
        /// This method creates a SaltedHash object from a salt and hash value. 
        /// <param name="salt">Salt value</param>
        /// <param name="hash">Hash value</param>
        /// <returns>SaltedHash class</returns>
        /// </summary>
        public static SaltedHash Create(string salt, string hash) 
        {
            return new SaltedHash(salt, hash);
        }

Now encryption is fine. 现在加密就可以了。 Now using the same technique i want to decrypt the password. 现在使用相同的技术,我想解密密码。

How to do this ? 这个怎么做 ? Thanks. 谢谢。

1 个解决方案

解决方案1
 9  2013-02-01 06:23:59

You are not encrypting the password, you are hashing it. 您没有加密密码,而是对其进行了哈希处理。

The idea of a hash is that it is a one-way function where it is computationally cheap to create a hash from original text, but computationally expensive to start with a hash and end up with plain text that would create that hash value. 哈希的想法是它是一种单向函数,从原始文本创建哈希在计算上很便宜,但从哈希开始到最终会创建该哈希值的纯文本在计算上却很昂贵。

Although there are various attacks to break SHA1 (your hash algorithm), there is no straightforward approach to "decrypt" the hashed value ("decrypt" in quotes means to find an input value that would correspond to the salted, hashed output value). 尽管有各种攻击可以破坏SHA1(您的哈希算法),但是没有直接的方法来“解密”哈希值(用引号引起的“解密”意味着找到与加盐的哈希输出值相对应的输入值)。

If you really do want to encrypt text, look into algorithms such as AES (also supported by the .NET framework). 如果您确实想加密文本,请查看诸如AES之类的算法(.NET框架也支持该算法)。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用JavaScript将密码随机盐化并从C#进行验证 - Hash password with random salt using JavaScript and validate from C# 如何使用c#对密码值进行加密和散列? - How to salt and hash a password value using c#? 如何使用Salt和Hash在c#中解密密码? - How to Decrypt Password in c# using Salt and Hash.? C#哈希密码创建盐问题 - C# hash password create salt question 如何在C#中解码Salt + Hash密码? - How to decode the Salt + Hash Password in c#? c#sha256通过使用用户名作为盐计算密码哈希 - c# sha256 compute password hash by using username as salt 使用 Rfc2898DeriveBytes 在 C# 中用胡椒和盐散列密码 - Hashing a password with pepper and salt in C# using Rfc2898DeriveBytes 使用C#进行AES解密 - AES Decryption Using C# 在C#中使用Rijndael进行解密 - Decryption using Rijndael in C# 带有salt的MD5哈希,用于在C#中保存密码 - MD5 hash with salt for keeping password in DB in C#
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM