我有一个问题,到现在我已经处理了几个小时,而且还在发疯。
上下文
我有一个旧数据库,该数据库使用以下算法存储密码。旧版代码使用了Python library。
- 具有SHA256的PBKDF2
- 1000次迭代
- 盐的长度为8
- 密码的存储方式如下 $ salt $ hashedPassword
我正在为新系统切换登录流程,我需要将该旧算法迁移到新算法。新系统使用.netcore
问题
我想做的事甚至有可能吗?我该如何实现?
我的逻辑指示是,我可以放点盐,然后使用.netcore加密库重新创建哈希算法,但是它无法正常工作,并且该函数始终返回false。
旧版代码
from werkzeug.security import generate_password_hash,check_password_hash
def setPassword(self,password):
self.password = generate_password_hash(password,method='pbkdf2:sha256')
generate_password_hash 来自库this is the code
SALT_CHARS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
def generate_password_hash(password,method="pbkdf2:sha256",salt_length=8):
"""Hash a password with the given method and salt with a string of
the given length. The format of the string returned includes the method
that was used so that :func:`check_password_hash` can check the hash.
The format for the hashed string looks like this::
method$salt$hash
This method can **not** generate unsalted passwords but it is possible
to set param method='plain' in order to enforce plaintext passwords.
If a salt is used,hmac is used internally to salt the password.
If PBKDF2 is wanted it can be enabled by setting the method to
``pbkdf2:method:iterations`` where iterations is optional::
pbkdf2:sha256:80000$salt$hash
pbkdf2:sha256$salt$hash
:param password: the password to hash.
:param method: the hash method to use (one that hashlib supports). Can
optionally be in the format ``pbkdf2:<method>[:iterations]``
to enable PBKDF2.
:param salt_length: the length of the salt in letters.
"""
salt = gen_salt(salt_length) if method != "plain" else ""
h,actual_method = _hash_internal(method,salt,password)
return "%s$%s$%s" % (actual_method,h)
def gen_salt(length):
"""Generate a random string of SALT_CHARS with specified ``length``."""
if length <= 0:
raise ValueError("Salt length must be positive")
return "".join(_sys_rng.choice(SALT_CHARS) for _ in range_type(length))
代码
using System;
using system.security.Cryptography;
using System.Text;
namespace test_pwd
{
class Program
{
static void Main(string[] args)
{
var res = SameHash("Qwerty12","84e8c8a5dbdafaf23523ffa5dfecf29d53522a35ca4c76fa877c5fcf9eb4b654","laSgSC6R");
Console.WriteLine(res);
}
public static bool SameHash(string userpwd,string storedHash,string storedSalt)
{
var saltByte = Encoding.UTF8.GetBytes(storedSalt);
var rfc = new Rfc2898DeriveBytes(userpwd,saltByte,1000);
var baseString = Convert.ToBase64String(rfc.GetBytes(64));
return baseString == storedHash;
}
}
}
基本字符串转换为
k6vhCweBNz8ymMeEdhi+1czrea+oTTYLrW1OuwdinA78AFyEXKitpKUGLCt1ZdyS1Vka8Cptzd5u5Uzdbi4MbA==
与我发送的存储的密码哈希不同。我做错了还是这个想法可行?