您是否正在尝试以加密形式存储数据,然后将其解码以便以后显示?
如果是这样,则基本散列不适合使用,而是需要一种加密算法,该算法使用已知的加密密钥对其进行加密或解密。
如果要处理密码,最好比较散列值以确定提供的值是否正确,这是为了尽可能避免以明文形式处理密码。
这是一个实用程序类,确实证明了这一点
/// <summary>
/// This is a utility class that can be used to securely hash and verify a password.
/// The output from the Hashing process includes a header to identify that the value
/// has been produced using this code,the salt value used to produce the has and the hash value
/// itself.
/// Note: the salt value is randomly produced for each hashed password.
/// </summary>
public static class PasswordHashUtility
{
/// <summary>
/// Size of salt for Hash production
/// </summary>
private const int SaltSize = 16;
/// <summary>
/// Size of Has
/// </summary>
private const int HashSize = 20;
private const string HashType = "$MBnYt1!?$V1";
public static int HashIterations = 1000;
/// <summary>
/// Creates a hash from a password.
/// </summary>
/// <param name="password">The password.</param>
/// <param name="iterations">Number of iterations.</param>
/// <returns>The hash</returns>
public static string Hash(string password,int iterations)
{
// Create salt
var salt = new byte[SaltSize];
var cryptoServiceProvider = new RNGCryptoServiceProvider();
cryptoServiceProvider.GetBytes(salt);
// Create hash
var pbkdf2 = new Rfc2898DeriveBytes(password,salt,iterations);
var hash = pbkdf2.GetBytes(HashSize);
// Combine salt and hash
var hashBytes = new byte[SaltSize + HashSize];
Array.Copy(salt,hashBytes,SaltSize);
Array.Copy(hash,SaltSize,HashSize);
// Convert to base64
var base64Hash = Convert.ToBase64String(hashBytes);
// tidy-up
cryptoServiceProvider.Dispose();
pbkdf2.Dispose();
// Format hash with extra information
return $"{HashType}{iterations}${base64Hash}";
}
/// <summary>
/// Checks if hash has been produced by this utility.
/// </summary>
/// <param name="hashString">The hash type name</param>
/// <returns>True if supported</returns>
public static bool IsHashSupported(string hashString)
{
return hashString.StartsWith(HashType);
}
/// <summary>
/// Verifies a password against a hash.
/// </summary>
/// <param name="password">The password to verify</param>
/// <param name="hashedPassword">The hash value to verify against</param>
/// <returns>Could be verified?</returns>
public static bool Verify(string password,string hashedPassword)
{
// Check hash
if (!IsHashSupported(hashedPassword))
{
throw new NotSupportedException("The hash type is not supported");
}
// Extract iteration and Base64 string
var splitHashString = hashedPassword.Replace(HashType,"").Split('$');
var iterations = int.Parse(splitHashString[0]);
var base64Hash = splitHashString[1];
// Get hash bytes
var hashBytes = Convert.FromBase64String(base64Hash);
// Get salt
var salt = new byte[SaltSize];
Array.Copy(hashBytes,SaltSize);
// Create hash with given salt
var pbkdf2 = new Rfc2898DeriveBytes(password,iterations);
var hash = pbkdf2.GetBytes(HashSize);
//tidy-up
pbkdf2.Dispose();
// Get result
for (var i = 0; i < HashSize; i++)
{
if (hashBytes[i + SaltSize] != hash[i])
{
return false;
}
}
return true;
}
}
,
哈希字符串的想法是,它不能被反转。 This Question解释了为何如此难以逆转。因此,据我所知,基本上,您要尝试做的事情是不可能的。
,
您正在使用SHA512
(一种哈希算法)。哈希算法是不可逆的,不能解密。这主要用于密码检查和文件完整性检查。
本文链接:https://www.f2er.com/3167677.html