我的项目包含2个表单,一个用于注册用户,另一个用于登录。我使用紧凑的本地数据库来存储密码。我写了一个函数来在用户注册时加密密码。然后,当用户登录时,我写了另一个来解密相同的密码。
第一部分,加密,工作得很好。用户注册,我可以看到在数据库上加密的密码。但是,当我尝试登录时,密码不会被解密。这是我的功能。
Module EncryptionModule
Public Function base64Encode(ByVal sData As String) As String
Try
Dim encData_Byte As Byte() = New Byte(sData.Length - 1) {}
encData_Byte = System.Text.Encoding.UTF8.GetBytes(sData)
Dim encodedData As String = Convert.ToBase64String(encData_Byte)
Return (encodedData)
Catch ex As Exception
Throw (New Exception("Error is base64Encode" & ex.Message))
End Try
End Function
Public Function base64Decode(ByVal sData As String) As String
Dim encoder As New System.Text.UTF8Encoding()
Dim utf8Decode As System.Text.Decoder = encoder.GetDecoder()
Dim todecode_byte As Byte() = Convert.FromBase64String(sData)
Dim charCount As Integer = utf8Decode.GetCharCount(todecode_byte, 0, todecode_byte.Length)
Dim decoded_char As Char() = New Char(charCount - 1) {}
utf8Decode.GetChars(todecode_byte, 0, todecode_byte.Length, decoded_char, 0)
Dim result As String = New [String](decoded_char)
Return result
End Function
End Module
这是注册用户和加密密码的例程:
Private Sub btnRegister_Click(sender As Object, e As EventArgs) Handles btnRegister.Click
'If the username is taken or used on the
'database, then create account
If MasterTableAdapter.CheckUserName(txtUserName.Text) = Nothing Then
Dim pwd As String = base64Encode(Trim(txtConfirmPassword.Text))
MasterTableAdapter.CreateAccount(txtFName.Text, txtLName.Text, txtUserName.Text, pwd, int1)
MsgBox("An account has been created for: " & vbNewLine & _
"Employee: " & txtFName.Text & " " & txtLName.Text & vbNewLine & _
"User Name: " & txtUserName.Text & vbNewLine & _
"Access Level: " & strAccessLevel)
Me.Close()
Else
MessageBox.Show("The username is in use. Please select another username.", "Authentication Error", MessageBoxButtons.OK, _
MessageBoxIcon.Error)
End If
End Sub
以下是从登录表单登录和解密密码的例程:
Private Sub btnLogin_Click(sender as Object,e As EventArgs)处理btnLogin.Click
Dim pwd As String = base64Decode(Trim(txtPassword.Text))
If Not MasterTableAdapter.Login(txtUserName.Text, pwd) = Nothing Then
'frmWelcomePage.Show()
MsgBox("SUCCESS")
Else
'If no match, display error, clear text boxes and send focus back to the username text box.
MessageBox.Show("Username or password do not match", "Authentication Failure", MessageBoxButtons.OK, MessageBoxIcon.Exclamation)
txtPassword.Text = Nothing
txtUserName.Text = Nothing
txtUserName.Focus()
End If
End if
End Sub
我是整个加密领域的新手,所以我不知道我在这里做错了什么。
答案 0 :(得分:4)
您不应该解密密码。
当用户创建密码时,您应该生成一个哈希值(即:无法重建密码的值)
当用户尝试登录时,您应该将给定密码的哈希值与存储的哈希进行比较。
答案 1 :(得分:2)
首先,Base64编码是不是加密。许多人可以查看B64字符串并知道如何解读它。您应该像podiluska建议的那样研究哈希技术。
那就是说,因为你的Decode方法无法解读你编码的内容,这意味着你在其中一个中有错误。可以对您正在进行的操作进行简单编码:
Dim s As String = "MySecretPassword"
' convert to byte array
Dim bArry() As Byte = System.Text.Encoding.UTF8.GetBytes(s)
' convert bytes to Base64:
Dim sb64 As String = System.Convert.ToBase64String(barry)
解码正好相反:
' Base64 -> Byte Array
Dim bOut() As Byte = System.Convert.FromBase64String(sb64)
' Byte Arry -> clear text
Dim sOut As String = System.Text.Encoding.UTF8.GetString(bOut)