【问题标题】:C# PasswordDeriveBytes: seems that Salt does'nt matterC# PasswordDeriveBytes:似乎 Salt 无关紧要
【发布时间】:2019-04-12 11:07:48
【问题描述】:

可能我误解了什么。 以下代码通过 CryptDeriveKey 使用两种不同的盐生成两个相等的密钥。

那是控制台结果:

盐1:21 3e 18 a3 9a 8b 5f

--> Key da 89 ea 3d 91 08 20 98 20 e9 dc 45 d5 97 10 7f 8f 4a 52 15 26 68 ef 83

salt2: 9e 分贝 4c 2b 49 b4 24

--> Key da 89 ea 3d 91 08 20 98 20 e9 dc 45 d5 97 10 7f 8f 4a 52 15 26 68 ef 83

我的错误是什么?

using System;
using System.Security.Cryptography;

namespace PasswordDeriveBytes_SaltDoesntMatter
{
    class Program
    {
        // for usage in CreateAndPrintKeyAndSalt
        private static readonly string password = "secret123";
        private static readonly TripleDESCryptoServiceProvider cryptoServiceProvider = new TripleDESCryptoServiceProvider();

        static void Main(string[] args)
        {
            byte[] salt1 = new byte[] { 33, 62, 24, 163, 154, 139, 95 };
            byte[] salt2 = new byte[] { 158, 219, 76, 43, 73, 180, 36 };

            // a TripleDESCryptoServiceProvider-instance for getting an IV

            CreateAndPrintKeyAndSalt("salt1", salt1);
            CreateAndPrintKeyAndSalt("salt2", salt2);
            Console.ReadKey();

        }

        /// <summary>
        /// print the salt and the CryptDeriveKey based on this salt
        /// !! uses the const password and cryptoServiceProvider
        /// </summary>
        /// <param name="saltName">name of the used salt</param>
        /// <param name="salt">the used salt</param>
        /// <param name="cryptoServiceProvider"></param>
        private static void CreateAndPrintKeyAndSalt(string saltName, byte[] salt)
        {
            PasswordDeriveBytes pdb = new PasswordDeriveBytes(password, salt);
            byte[] aKey = pdb.CryptDeriveKey("TripleDES", "SHA1", 192, cryptoServiceProvider.IV);
            Console.WriteLine($"{saltName}: {ByteArrayInHexText(salt)} --> Key {ByteArrayInHexText(aKey)}");
        }    

        /// <summary>
        /// returns a Textstring of each byte in arr in hex-formatting separated by space
        /// </summary>
        /// <param name="arr">the array</param>
        /// <returns>the formatted string</returns>
        public static string ByteArrayInHexText(byte[] arr)
        {
            string s = "";
            foreach (var item in arr)
            {
                s += $" {item:x2}";
            }
            return s.Substring(1);
        }

    }
}

【问题讨论】:

    标签: c# salt cryptostream


    【解决方案1】:

    thisMSDN博客:

    调用CryptDeriveKey时,设置的salt和迭代次数 没有使用 PasswordDeriveBytes 对象,所以即使有 给定的不同盐和迭代次数将产生相同的密钥 其余的输入也是一样的。

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 2019-05-11
      • 1970-01-01
      • 1970-01-01
      • 2012-03-03
      • 1970-01-01
      • 2021-10-30
      相关资源
      最近更新 更多