我有一个问题，到现在我已经处理了几个小时，而且还在发疯。

上下文

我有一个旧数据库，该数据库使用以下算法存储密码。旧版代码使用了Python library。

• 具有SHA256的PBKDF2
• 1000次迭代
• 盐的长度为8
• 密码的存储方式如下 $ salt $ hashedPassword

我正在为新系统切换登录流程，我需要将该旧算法迁移到新算法。新系统使用.netcore

问题

我想做的事甚至有可能吗？我该如何实现？

我的逻辑指示是，我可以放点盐，然后使用.netcore加密库重新创建哈希算法，但是它无法正常工作，并且该函数始终返回false。

旧版代码

from werkzeug.security import generate_password_hash,check_password_hash

def setPassword(self,password):
    self.password = generate_password_hash(password,method='pbkdf2:sha256')

generate_password_hash 来自库this is the code

SALT_CHARS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"

def generate_password_hash(password,method="pbkdf2:sha256",salt_length=8):
    """Hash a password with the given method and salt with a string of
    the given length. The format of the string returned includes the     method
    that was used so that :func:`check_password_hash` can check the hash.
    The format for the hashed string looks like this::
        method$salt$hash
    This method can **not** generate unsalted passwords but it is possible
    to set param method='plain' in order to enforce plaintext passwords.
    If a salt is used,hmac is used internally to salt the password.
    If PBKDF2 is wanted it can be enabled by setting the method to
    ``pbkdf2:method:iterations`` where iterations is optional::
        pbkdf2:sha256:80000$salt$hash
        pbkdf2:sha256$salt$hash
    :param password: the password to hash.
    :param method: the hash method to use (one that hashlib supports).     Can
               optionally be in the format ``pbkdf2:<method>[:iterations]``
               to enable PBKDF2.
    :param salt_length: the length of the salt in letters.
    """
salt = gen_salt(salt_length) if method != "plain" else ""
h,actual_method = _hash_internal(method,salt,password)
return "%s$%s$%s" % (actual_method,h)

def gen_salt(length):
    """Generate a random string of SALT_CHARS with specified     ``length``."""
    if length <= 0:
        raise ValueError("Salt length must be positive")
    return "".join(_sys_rng.choice(SALT_CHARS) for _ in range_type(length))

代码

using System;
using system.security.Cryptography;
using System.Text;

namespace test_pwd
{
    class Program
    {
        static void Main(string[] args)
        {

            var res = SameHash("Qwerty12","84e8c8a5dbdafaf23523ffa5dfecf29d53522a35ca4c76fa877c5fcf9eb4b654","laSgSC6R");
            Console.WriteLine(res);
        }

        public static bool SameHash(string userpwd,string storedHash,string storedSalt)
        {
            var saltByte = Encoding.UTF8.GetBytes(storedSalt);
            var rfc = new Rfc2898DeriveBytes(userpwd,saltByte,1000);
            var baseString = Convert.ToBase64String(rfc.GetBytes(64));
            return baseString == storedHash;
        }
    }
}

基本字符串转换为

k6vhCweBNz8ymMeEdhi+1czrea+oTTYLrW1OuwdinA78AFyEXKitpKUGLCt1ZdyS1Vka8Cptzd5u5Uzdbi4MbA==

与我发送的存储的密码哈希不同。我做错了还是这个想法可行？