C# 源字节数组到字符串,然后返回到字节数组与源不同
我对下一段(简化的)代码感到困惑。当用户注册时,它加密密码,将哈希转换为字符串,并将其保存在数据库中。在该用户尝试登录之后,代码从数据库中读取密码,获取其字节数,并与用户输入的密码的加密哈希进行比较C# 源字节数组到字符串,然后返回到字节数组与源不同,c#,unicode,C#,Unicode,我对下一段(简化的)代码感到困惑。当用户注册时,它加密密码,将哈希转换为字符串,并将其保存在数据库中。在该用户尝试登录之后,代码从数据库中读取密码,获取其字节数,并与用户输入的密码的加密哈希进行比较 static void Main(string[] args) { //User registration byte[] passwordBytes = Encoding.Unicode.GetBytes("P@ssword"); byte[] hashBytes = Get
static void Main(string[] args)
{
//User registration
byte[] passwordBytes = Encoding.Unicode.GetBytes("P@ssword");
byte[] hashBytes = GetHash(passwordBytes);
string stringFieldInDb = Encoding.Unicode.GetString(hashBytes); //password hash is being stored in database
//Check password
byte[] hashBytesInDb = Encoding.Unicode.GetBytes(stringFieldInDb); //was read from database
byte[] enteredPasswordBytes = Encoding.Unicode.GetBytes("P@ssword");
byte[] enteredPasswordHash = GetHash(enteredPasswordBytes);
//is false
var isPasswordValid = hashBytesInDb.SequenceEqual(enteredPasswordHash);
//this way is true
var isPasswordValid2 = stringFieldInDb == Encoding.Unicode.GetString(enteredPasswordHash);
}
private static byte[] GetHash(byte[] data)
{
return new SHA512CryptoServiceProvider().ComputeHash(data);
}
161, 127, 0, 49, 27, 146, **253, 255**, 109, 214, **253, 255**, 113, 75, 226, ...
161, 127, 0, 49, 27, 146, **74, 219**, 109, 214, **65, 220**, 113, 75, 226, ...
byte[] someCharBytes = new byte[] { 74, 219 };
string someChar = Encoding.Unicode.GetString(someCharBytes);
byte[] differentSomeCharBytes = Encoding.Unicode.GetBytes(someChar); //returns { 253, 255 }
您正在尝试将散列数据(基本上是随机字节)解释为有效的UTF-16数据。那是行不通的。并非所有字节组合都有效。您得到的特定字节是
U+FFFD替换字符base64编码非常流行。查看
Convert.ToBase64StringConvert.FromBase64StringU+FFFD替换字符base64编码非常流行。查看
Convert.ToBase64StringConvert.FromBase64StringRfc2898DeriveBytesRfc2898DeriveBytes