[英]c# sha256 compute password hash by using username as salt
我正在尝试使用username
作为盐来计算密码哈希。 我已经将password_hash和password_salt存储在MySQL数据库中。
-- Generate salt
SET @salt = UNHEX(SHA2(UUID(), 256));
-- Create user and hash password with salt
INSERT INTO users (username, password_salt, password_hash)
VALUES ('ajay', @salt, UNHEX(SHA2(CONCAT('ajay123', HEX(@salt)), 256)));
通过使用上述方法,我将该值插入数据库中。 现在,我试图通过username
和password
登录到我的站点,但是在向用户进行身份验证时遇到问题。 我正在尝试在C#中计算密码的哈希,但是我弄错了。 我试过下面的代码。
byte[] ComputedHashpass = ComputeHash("ajay", "ajay123");
var result = ComputedHashpass.SequenceEqual(passHash);
public static byte[] ComputeHash(string salt,string password)
{
// Convert plain text into a byte array.
byte[] plainTextBytes = Encoding.UTF8.GetBytes(password);
byte[] saltBytes = Encoding.UTF8.GetBytes(salt);
SHA256Managed hash = new SHA256Managed();
// Compute hash value of salt.
byte[] plainHash = hash.ComputeHash(plainTextBytes);
byte[] concat = new byte[plainHash.Length + saltBytes.Length];
System.Buffer.BlockCopy(saltBytes, 0, concat, 0, saltBytes.Length);
System.Buffer.BlockCopy(plainHash, 0, concat, saltBytes.Length, plainHash.Length);
byte[] tHashBytes = hash.ComputeHash(concat);
// Convert result into a base64-encoded string.
//string hashValue = Convert.ToBase64String(tHashBytes);
// Return the result.
//return hashValue;
return tHashBytes;
}
更新方法
public static byte[] ComputeHash(string salt,string password)
{
// Convert plain text into a byte array.
byte[] plainTextBytes = Encoding.UTF8.GetBytes(password);
byte[] saltBytes = Encoding.UTF8.GetBytes(salt);
SHA256Managed hash = new SHA256Managed();
// Compute hash value of salt.
//byte[] plainHash = hash.ComputeHash(plainTextBytes);
// Compute hash value of salt.
byte[] saltHash = hash.ComputeHash(saltBytes);
byte[] concat = new byte[plainTextBytes.Length + saltHash.Length];
System.Buffer.BlockCopy(plainTextBytes, 0, concat, 0, plainTextBytes.Length);
System.Buffer.BlockCopy(saltHash, 0, concat, plainTextBytes.Length, saltHash.Length);
//byte[] concat = new byte[plainHash.Length + saltBytes.Length];
//System.Buffer.BlockCopy(saltBytes, 0, concat, 0, saltBytes.Length);
//System.Buffer.BlockCopy(plainHash, 0, concat, saltBytes.Length, plainHash.Length);
byte[] tHashBytes = hash.ComputeHash(concat);
// Convert result into a base64-encoded string.
//string hashValue = Convert.ToBase64String(tHashBytes);
// Return the result.
//return hashValue;
return tHashBytes;
}
在这里,我使用salt作为username
。 有人可以帮我解决这个问题吗? 如何计算哈希密码?
我要执行以下步骤。
要检查用户名/密码组合是否有效:
1: Query the salt using the entered username
2: Apply the hash function to the password and salt
3: Compare the result against the stored hash
更新2
(删除了之前的文字,以免混淆)。
您编写的更新代码不是我建议的。
这更像是我的建议:
-- Generate salt
SET @salt = UNHEX(SHA2(UUID(), 256));
-- Create user and hash password with salt
INSERT INTO users (username, password_salt, password_hash)
VALUES ('ajay', @salt, UNHEX(SHA2(CONCAT('ajay123', @salt), 256)));
public static byte[] ComputeHash(string salt,string password)
{
byte[] plainTextBytes = Encoding.UTF8.GetBytes(password);
byte[] saltBytes = Encoding.UTF8.GetBytes(salt);
byte[] concat = new byte[plainTextBytes.Length + saltBytes .Length];
System.Buffer.BlockCopy(plainTextBytes, 0, concat, 0, plainTextBytes.Length);
System.Buffer.BlockCopy(saltBytes , 0, concat, plainTextBytes.Length, saltBytes .Length);
SHA256Managed hash = new SHA256Managed();
byte[] tHashBytes = hash.ComputeHash(concat);
return tHashBytes;
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.