【发布时间】:2014-10-13 09:34:47
【问题描述】:
我正在尝试使用username 作为盐来计算密码哈希。我已经在 MySQL 数据库中存储了 password_hash 和 password_salt。
-- Generate salt
SET @salt = UNHEX(SHA2(UUID(), 256));
-- Create user and hash password with salt
INSERT INTO users (username, password_salt, password_hash)
VALUES ('ajay', @salt, UNHEX(SHA2(CONCAT('ajay123', HEX(@salt)), 256)));
通过使用上述方法,我将值插入数据库。现在我正在尝试通过username 和password 登录我的网站,但我在向用户进行身份验证时遇到了问题。我正在尝试在 c# 中计算密码的哈希值,但我弄错了。我试过下面的代码。
byte[] ComputedHashpass = ComputeHash("ajay", "ajay123");
var result = ComputedHashpass.SequenceEqual(passHash);
public static byte[] ComputeHash(string salt,string password)
{
// Convert plain text into a byte array.
byte[] plainTextBytes = Encoding.UTF8.GetBytes(password);
byte[] saltBytes = Encoding.UTF8.GetBytes(salt);
SHA256Managed hash = new SHA256Managed();
// Compute hash value of salt.
byte[] plainHash = hash.ComputeHash(plainTextBytes);
byte[] concat = new byte[plainHash.Length + saltBytes.Length];
System.Buffer.BlockCopy(saltBytes, 0, concat, 0, saltBytes.Length);
System.Buffer.BlockCopy(plainHash, 0, concat, saltBytes.Length, plainHash.Length);
byte[] tHashBytes = hash.ComputeHash(concat);
// Convert result into a base64-encoded string.
//string hashValue = Convert.ToBase64String(tHashBytes);
// Return the result.
//return hashValue;
return tHashBytes;
}
更新方法
public static byte[] ComputeHash(string salt,string password)
{
// Convert plain text into a byte array.
byte[] plainTextBytes = Encoding.UTF8.GetBytes(password);
byte[] saltBytes = Encoding.UTF8.GetBytes(salt);
SHA256Managed hash = new SHA256Managed();
// Compute hash value of salt.
//byte[] plainHash = hash.ComputeHash(plainTextBytes);
// Compute hash value of salt.
byte[] saltHash = hash.ComputeHash(saltBytes);
byte[] concat = new byte[plainTextBytes.Length + saltHash.Length];
System.Buffer.BlockCopy(plainTextBytes, 0, concat, 0, plainTextBytes.Length);
System.Buffer.BlockCopy(saltHash, 0, concat, plainTextBytes.Length, saltHash.Length);
//byte[] concat = new byte[plainHash.Length + saltBytes.Length];
//System.Buffer.BlockCopy(saltBytes, 0, concat, 0, saltBytes.Length);
//System.Buffer.BlockCopy(plainHash, 0, concat, saltBytes.Length, plainHash.Length);
byte[] tHashBytes = hash.ComputeHash(concat);
// Convert result into a base64-encoded string.
//string hashValue = Convert.ToBase64String(tHashBytes);
// Return the result.
//return hashValue;
return tHashBytes;
}
这里我用盐作为username。有人可以帮我解决这个问题。如何计算哈希密码?
我想做以下步骤。
检查用户名/密码组合是否有效:
1: Query the salt using the entered username
2: Apply the hash function to the password and salt
3: Compare the result against the stored hash
【问题讨论】:
标签: c# mysql asp.net hash sha256