PHP SHA1与PasswordDeriveBytes SHA1 - 不同的长度

时间:2014-12-10 16:01:39

标签: c# php cryptography sha1

在这些帖子上阅读了这个问题(仅举两例)......

Encrypting / Decrypting in vb.net does not always return the same value

C# PasswordDeriveBytes Confusion

...我想知道是否有人知道微软用来锁定输出的方法?

要与其他人用C#编写的系统集成,我需要在PHP中生成一个大的哈希。生成SHA1哈希的代码生成32字节输出,而不是标准的20字节SHA1输出。那么有没有人破解微软如何填补剩余的12个字节?我已经尝试过很多组合,可以附加盐的SHA1,密码等,并附加在之前的迭代中,但似乎没有任何东西可以产生微软的输出。

我对https://stackoverflow.com/a/13482133/4346051 ...

上的评论略感担忧
  

" PasswordDeriveBytes使用未知的,专有的,非确定性的,破碎的,   PasswordDeriveBytes"

的加密不安全密钥拉伸方法

示例代码如下......

我需要在PHP中复制的C#代码,以便生成与第三方软件集成的正确哈希:

string sPassword = "iudF98yfh9aRfhanifakdfn0a4ut-a8J789jasdpasd=";
string sSalt = "lYU7m+MDCvVWVQyuLIX3og==";
int iLength = 256 / 8;
byte[] saltInBytes = Encoding.ASCII.GetBytes(sSalt);

PasswordDeriveBytes password = new PasswordDeriveBytes(sPassword, saltInBytes, "SHA1", 2);

byte[] keyBytes = password.GetBytes(iLength);

Console.WriteLine("\nkeyBytes = \n");

foreach (byte value in keyBytes)
{
    Console.WriteLine(value);
}

...输出......

0
176
172
127
35
113
212
85
123
19
71
65
23
127
84
165
163
225
80
207
67
125
128
205
188
248
103
52
23
245
111
20

我的相同功能的PHP代码是......

$sPassword = "iudF98yfh9aRfhanifakdfn0a4ut-a8J789jasdpasd=";
$sSalt = "lYU7m+MDCvVWVQyuLIX3og==";
$iIterations = 2;
$iLength = 256 / 8;

// combine password with salt
$key = $sPassword.$sSalt;

// perform sha1 how ever many times, using raw binary output instead of hex
for($i = 1; $i <= $iIterations; $i++) { 
    $key = sha1($key, true); 
}

// get the iLength number of chars
$key = substr($key, 0, $iLength);

$aKeyBytes = unpack('C*', $key);

print_r($aKeyBytes); 

......并且输出......

Array
(
    [1] => 0
    [2] => 176
    [3] => 172
    [4] => 127
    [5] => 35
    [6] => 113
    [7] => 212
    [8] => 85
    [9] => 123
    [10] => 19
    [11] => 71
    [12] => 65
    [13] => 23
    [14] => 127
    [15] => 84
    [16] => 165
    [17] => 163
    [18] => 225
    [19] => 80
    [20] => 207
)

...但是正如你所看到的,我们是12&#34;字节&#34;短。

不幸的是,它必须被复制 - 我无法修改C#以使用更好的方法 - 我无法控制那一方 - 我的PHP代码必须生成它

1 个答案:

答案 0 :(得分:-1)

I needed more or less the same thing - data encrypted using AES256-CBC in PHP that I needed to be able to decrypt using VB code.

Took me a while to search the internet and test various code samples, but I was able to get it working using information from the following posts:

Kind regards,

Sven