C#PasswordDeriveBytes:似乎Salt会';nt物质
也许我误解了什么。 下面的代码通过CryptDeriveKey和两个不同的salt生成两个相等的密钥 这就是控制台结果: SALT 1:21 3e 18 a3 9a 8b 5f -->钥匙da 89 ea 3d 91 08 20 98 20 e9 dc 45 d5 97 10 7f 8f 4a 52 15 26 68 ef 83 SALT 2:9e db 4c 2b 49 b4 24 -->钥匙da 89 ea 3d 91 08 20 98 20 e9 dc 45 d5 97 10 7f 8f 4a 52 15 26 68 ef 83 我犯了什么错C#PasswordDeriveBytes:似乎Salt会';nt物质,c#,salt,cryptostream,C#,Salt,Cryptostream,也许我误解了什么。 下面的代码通过CryptDeriveKey和两个不同的salt生成两个相等的密钥 这就是控制台结果: SALT 1:21 3e 18 a3 9a 8b 5f -->钥匙da 89 ea 3d 91 08 20 98 20 e9 dc 45 d5 97 10 7f 8f 4a 52 15 26 68 ef 83 SALT 2:9e db 4c 2b 49 b4 24 -->钥匙da 89 ea 3d 91 08 20 98 20 e9 dc 45 d5 97 10 7f 8f
using System;
using System.Security.Cryptography;
namespace PasswordDeriveBytes_SaltDoesntMatter
{
class Program
{
// for usage in CreateAndPrintKeyAndSalt
private static readonly string password = "secret123";
private static readonly TripleDESCryptoServiceProvider cryptoServiceProvider = new TripleDESCryptoServiceProvider();
static void Main(string[] args)
{
byte[] salt1 = new byte[] { 33, 62, 24, 163, 154, 139, 95 };
byte[] salt2 = new byte[] { 158, 219, 76, 43, 73, 180, 36 };
// a TripleDESCryptoServiceProvider-instance for getting an IV
CreateAndPrintKeyAndSalt("salt1", salt1);
CreateAndPrintKeyAndSalt("salt2", salt2);
Console.ReadKey();
}
/// <summary>
/// print the salt and the CryptDeriveKey based on this salt
/// !! uses the const password and cryptoServiceProvider
/// </summary>
/// <param name="saltName">name of the used salt</param>
/// <param name="salt">the used salt</param>
/// <param name="cryptoServiceProvider"></param>
private static void CreateAndPrintKeyAndSalt(string saltName, byte[] salt)
{
PasswordDeriveBytes pdb = new PasswordDeriveBytes(password, salt);
byte[] aKey = pdb.CryptDeriveKey("TripleDES", "SHA1", 192, cryptoServiceProvider.IV);
Console.WriteLine($"{saltName}: {ByteArrayInHexText(salt)} --> Key {ByteArrayInHexText(aKey)}");
}
/// <summary>
/// returns a Textstring of each byte in arr in hex-formatting separated by space
/// </summary>
/// <param name="arr">the array</param>
/// <returns>the formatted string</returns>
public static string ByteArrayInHexText(byte[] arr)
{
string s = "";
foreach (var item in arr)
{
s += $" {item:x2}";
}
return s.Substring(1);
}
}
}
使用系统;
使用System.Security.Cryptography;
命名空间密码deriveBytes\u SaltDoesntMatter
{
班级计划
{
//用于CreateAndPrintKeyAndSalt
私有静态只读字符串password=“secret123”;
私有静态只读TripleDESCryptoServiceProvider cryptoServiceProvider=新的TripleDESCryptoServiceProvider();
静态void Main(字符串[]参数)
{
字节[]salt1=新字节[]{33,62,24,163,154,139,95};
字节[]salt2=新字节[]{158、219、76、43、73、180、36};
//用于获取IV的TripleDESCryptoServiceProvider实例
CreateAndPrintKeyAndSalt(“salt1”,salt1);
CreateAndPrintKeyAndSalt(“salt2”,salt2);
Console.ReadKey();
}
///
///基于此salt打印salt和CryptDeriveKey
///!!使用常量密码和cryptoServiceProvider
///
///用过的盐的名称
///用过的盐
///
私有静态void CreateAndPrintKeyAndSalt(字符串saltName,字节[]salt)
{
PasswordDeriveBytes pdb=新的PasswordDeriveBytes(密码,salt);
字节[]aKey=pdb.CryptDeriveKey(“TripleDES”,“SHA1”,192,cryptoServiceProvider.IV);
WriteLine($“{saltName}:{ByteArrayInHexText(salt)}-->键{ByteArrayInHexText(aKey)}”);
}
///
///以十六进制格式返回arr中每个字节的文本字符串,以空格分隔
///
///阵列
///格式化的字符串
公共静态字符串ByteArrayHextText(字节[]arr)
{
字符串s=“”;
foreach(arr中的var项目)
{
s+=$“{item:x2}”;
}
返回s.子串(1);
}
}
}
根据MSDN博客:
调用CryptDeriveKey时,设置的salt和迭代计数
在PasswordDeriveBytes对象上不使用,因此
不同的盐和迭代计数将生成给定的相同密钥
其余的输入也是相同的