Vb.net 散列出错了
在登录期间,我使用相同的函数散列值以进行比较,就像在用户注册时散列密码一样:Vb.net 散列出错了,vb.net,hash,salt,sha,Vb.net,Hash,Salt,Sha,在登录期间,我使用相同的函数散列值以进行比较,就像在用户注册时散列密码一样: Public Shared Function Compute(ByVal text As String, ByVal algorithm As String, Optional ByVal salt() As Byte = Nothing) As String If salt Is Nothing Then Dim saltSize As Integer = 8 salt = N
Public Shared Function Compute(ByVal text As String, ByVal algorithm As String, Optional ByVal salt() As Byte = Nothing) As String
If salt Is Nothing Then
Dim saltSize As Integer = 8
salt = New Byte(saltSize - 1) {}
Dim rng As New RNGCryptoServiceProvider
rng.GetNonZeroBytes(salt)
End If
Dim textBytes As Byte() = Encoding.UTF8.GetBytes(text)
Dim saltedTextBytes() As Byte = New Byte(textBytes.Length + salt.Length - 1) {}
For i As Integer = 0 To textBytes.Length - 1
saltedTextBytes(i) = textBytes(i)
Next i
For i As Integer = 0 To salt.Length - 1
saltedTextBytes(textBytes.Length + i) = salt(i)
Next i
Dim hash As HashAlgorithm
If algorithm Is Nothing Then
algorithm = ""
End If
Select Case algorithm.ToUpper
Case "SHA1" : hash = New SHA1Managed
Case "SHA256" : hash = New SHA256Managed
Case "SHA384" : hash = New SHA384Managed
Case "SHA512" : hash = New SHA512Managed
Case Else : hash = New MD5CryptoServiceProvider
End Select
Dim hashBytes As Byte() = hash.ComputeHash(saltedTextBytes)
Dim saltedHash() As Byte = New Byte(hashBytes.Length + salt.Length - 1) {}
For i As Integer = 0 To hashBytes.Length - 1
saltedHash(i) = hashBytes(i)
Next i
For i As Integer = 0 To salt.Length - 1
saltedHash(hashBytes.Length + i) = salt(i)
Next i
Dim hashValue As String = Convert.ToBase64String(saltedHash)
Return Left(hashValue, 36)
End Function
我的问题是,当我尝试登录一个密码被此函数哈希的帐户时,哈希值不匹配。我想我跳过了一步什么的
以下是创建用户帐户的代码:
' The email address needs to be valid
Dim pattern As String = "^(?("")("".+?""@)|(([0-9a-zA-Z]((\.(?!\.))|[-!#\$%&'\*\+/=\?\^`\{\}\|~\w])*)(?<=[0-9a-zA-Z])@))(?(\[)(\[(\d{1,3}\.){3}\d{1,3}\])|(([0-9a-zA-Z][-\w]*[0-9a-zA-Z]\.)+[a-zA-Z]{2,6}))$"
Dim match As Match = Regex.Match(txtEmail.Text, pattern)
If match.Success Then
'Hash the user's password before entering it into the database.
Dim pass As String = Crypt.Compute(txtPass.Text, "SHA512", Nothing)
' Enter the information from the form into the database.
Dim sql As String = "INSERT INTO Users(Username, Password, EmailAddress) " & _
"VALUES(@User, @Pass, @Email)"
Dim cmd As New SqlCommand(sql, conn)
cmd.Parameters.AddWithValue("@User", txtName.Text)
cmd.Parameters.AddWithValue("@Pass", pass)
cmd.Parameters.AddWithValue("@Email", txtEmail.Text)
conn.Open()
cmd.ExecuteNonQuery()
conn.Close()
Else
lblError.Text = "Invalid email address. Please correct."
lblError.ForeColor = Drawing.Color.Red
End If
”电子邮件地址必须有效
调暗模式为String=“^(?“”(“+?”“@”)([0-9a-zA-Z]((\.(?!\))[124;[-!\$%和'\*\+/=\?\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\~\w])(?)?
通过插入到表中创建帐户时,您使用的用户名是txtName.Text
,但检查凭据时使用的是txtser.Text
为什么要使用随机salt?不是每次加密的salt都必须相同吗?我已将您的代码粘贴到一个新项目中,当我为同一密码连续运行两次Compute
方法时,我会得到两个不同的结果…显然这不起作用。请尝试传递salt值,而不是Nothing
,一个nd在创建帐户和比较登录时使用相同的salt。以下是一些有效的示例代码:
Dim thePass As String = "MyPassword"
Dim theSalt As String = "salt"
Dim pass As String = Compute(thePass, "SHA512", Encoding.UTF8.GetBytes(theSalt))
Console.WriteLine(pass)
Dim pass2 As String = Compute(thePass, "SHA512", Encoding.UTF8.GetBytes(theSalt))
Console.WriteLine(pass2) 'pass and pass2 are identical
希望这有帮助!除非我不知道(不太熟悉这门语言),否则你不会把盐放在任何地方
您必须使用创建验证帐户时使用的盐
另一方面:您可以为每个用户帐户生成随机salt,也可以为所有帐户使用固定salt。这两种方法都有效。第一种方法在理论上更安全,但如果salt足够长,两种方法都可以用于实际目的。否。用户注册和用户登录在不同的页面上处理。这只是控件名这是不同的。我将静态盐的大小设置为8,但仍然没有运气。很好的建议though@Logan:加密和比较之间的salt必须完全相同。不仅仅是静态大小。您不希望salt中有任何随机性,否则密码将永远不匹配。只有在我上次评论后才意识到您的意思。谢谢您的帮助。它不起作用w^^@Logan:另请参阅Dennis的见解文章。如果您想使用随机salt,您必须存储salt,并且您仍然必须确保您使用相同的salt值来比较凭据,就像您最初使用salt密码一样。祝您好运!参考:还有,以及来自它的链接
Dim thePass As String = "MyPassword"
Dim theSalt As String = "salt"
Dim pass As String = Compute(thePass, "SHA512", Encoding.UTF8.GetBytes(theSalt))
Console.WriteLine(pass)
Dim pass2 As String = Compute(thePass, "SHA512", Encoding.UTF8.GetBytes(theSalt))
Console.WriteLine(pass2) 'pass and pass2 are identical