我正在尝试使用username计算密码哈希值。我在MySQL数据库中存储了password_hash和password_salt。
-- Generate salt
SET @salt = UNHEX(SHA2(UUID(), 256));
-- Create user and hash password with salt
INSERT INTO users (username, password_salt, password_hash)
VALUES ('ajay', @salt, UNHEX(SHA2(CONCAT('ajay123', HEX(@salt)), 256)));
通过使用上面的方法,我将值插入数据库中。现在我尝试通过username和password登录我的网站,但我在向用户进行身份验证时遇到问题。我试图在c#中计算密码的哈希,但我错了。我试过以下代码。
byte[] ComputedHashpass = ComputeHash("ajay", "ajay123");
var result = ComputedHashpass.SequenceEqual(passHash);
public static byte[] ComputeHash(string salt,string password)
{
// Convert plain text into a byte array.
byte[] plainTextBytes = Encoding.UTF8.GetBytes(password);
byte[] saltBytes = Encoding.UTF8.GetBytes(salt);
SHA256Managed hash = new SHA256Managed();
// Compute hash value of salt.
byte[] plainHash = hash.ComputeHash(plainTextBytes);
byte[] concat = new byte[plainHash.Length + saltBytes.Length];
System.Buffer.BlockCopy(saltBytes, 0, concat, 0, saltBytes.Length);
System.Buffer.BlockCopy(plainHash, 0, concat, saltBytes.Length, plainHash.Length);
byte[] tHashBytes = hash.ComputeHash(concat);
// Convert result into a base64-encoded string.
//string hashValue = Convert.ToBase64String(tHashBytes);
// Return the result.
//return hashValue;
return tHashBytes;
}
更新方法
public static byte[] ComputeHash(string salt,string password)
{
// Convert plain text into a byte array.
byte[] plainTextBytes = Encoding.UTF8.GetBytes(password);
byte[] saltBytes = Encoding.UTF8.GetBytes(salt);
SHA256Managed hash = new SHA256Managed();
// Compute hash value of salt.
//byte[] plainHash = hash.ComputeHash(plainTextBytes);
// Compute hash value of salt.
byte[] saltHash = hash.ComputeHash(saltBytes);
byte[] concat = new byte[plainTextBytes.Length + saltHash.Length];
System.Buffer.BlockCopy(plainTextBytes, 0, concat, 0, plainTextBytes.Length);
System.Buffer.BlockCopy(saltHash, 0, concat, plainTextBytes.Length, saltHash.Length);
//byte[] concat = new byte[plainHash.Length + saltBytes.Length];
//System.Buffer.BlockCopy(saltBytes, 0, concat, 0, saltBytes.Length);
//System.Buffer.BlockCopy(plainHash, 0, concat, saltBytes.Length, plainHash.Length);
byte[] tHashBytes = hash.ComputeHash(concat);
// Convert result into a base64-encoded string.
//string hashValue = Convert.ToBase64String(tHashBytes);
// Return the result.
//return hashValue;
return tHashBytes;
}
这里我用盐作为username。有人可以帮我解决这个问题。如何计算哈希密码?
我想做以下步骤。
检查用户名/密码组合是否有效:
1: Query the salt using the entered username
2: Apply the hash function to the password and salt
3: Compare the result against the stored hash
答案 0 :(得分:1)
更新2
(删除了以前的文字,以免混淆)。
你写的更新代码不是我提出的。
这更像我所说的:
-- Generate salt
SET @salt = UNHEX(SHA2(UUID(), 256));
-- Create user and hash password with salt
INSERT INTO users (username, password_salt, password_hash)
VALUES ('ajay', @salt, UNHEX(SHA2(CONCAT('ajay123', @salt), 256)));
public static byte[] ComputeHash(string salt,string password)
{
byte[] plainTextBytes = Encoding.UTF8.GetBytes(password);
byte[] saltBytes = Encoding.UTF8.GetBytes(salt);
byte[] concat = new byte[plainTextBytes.Length + saltBytes .Length];
System.Buffer.BlockCopy(plainTextBytes, 0, concat, 0, plainTextBytes.Length);
System.Buffer.BlockCopy(saltBytes , 0, concat, plainTextBytes.Length, saltBytes .Length);
SHA256Managed hash = new SHA256Managed();
byte[] tHashBytes = hash.ComputeHash(concat);
return tHashBytes;
}